Seashell Blizzard Ramping Up Operations and OSINT Trends of DPRK Threat Actors

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Elise Eldridge and Anna Seitz to discuss the most recent notable developments across the threat landscape.  

The threat actor, also known as Sandworm or APT44, has also been observed resuming the use of the wrappers WalnutWipe and SharpWipe, and expanded the use of the Prickly Pear malware downloader.

The team highlights the geopolitical implications of these attacks, particularly in the context of Russia's influence on energy and global events. Sherrod also touches on the history of wipers in cyber operations and transitions to a discussion with Elise about trends in North Korean cyber activity, emphasizing Microsoft's ongoing efforts to analyze and mitigate these threats. 

In this episode you’ll learn:      

• Why recent attacks have targeted the European energy sector 
• How Seashell Blizzard’s attacks in 2024 involved spear-phishing campaigns 
• Why North Korean hackers infiltrate companies through remote IT job programs 

Some questions we ask:       

• How has Seashell Blizzard returned to using wipers, and what might explain this shift? 
• After sending out crafted spear-phishing emails, what happens next in the attack chain? 
• How might global geopolitics impact Seashell Blizzard's campaigns? 

Resources:  

View Elise Eldridge LinkedIn  

View Anna Seitz on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

Related Microsoft Podcasts:                   

• Afternoon Cyber Tea with Ann Johnson 
• The BlueHat Podcast 
• Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.