Seashell Blizzard Ramping Up Operations and OSINT Trends of DPRK Threat Actors
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Elise Eldridge and Anna Seitz to discuss the most recent notable developments across the threat landscape.
The conversation centers around Seashell Blizzard, a threat actor also known as Sandworm or APT-44, which has been active since at least 2013. Recently, Seashell Blizzard has resumed using spear-phishing campaigns targeting the European energy sector and Ukrainian entities, deploying destructive malware like Walnut Wipe and Prickly Pear.
The team highlights the geopolitical implications of these attacks, particularly in the context of Russia's influence on energy and global events. Sherrod also touches on the history of wipers in cyber operations and transitions to a discussion with Elise about trends in North Korean cyber activity, emphasizing Microsoft's ongoing efforts to analyze and mitigate these threats.
In this episode you’ll learn:
- Why recent attacks have targeted the European energy sector
- How Seashell Blizzard’s attacks in 2024 involved spear-phishing campaigns
- Why North Korean hackers infiltrate companies through remote IT job programs
Some questions we ask:
- How has Seashell Blizzard returned to using wipers, and what might explain this shift?
- After sending out crafted spear-phishing emails, what happens next in the attack chain?
- How might global geopolitics impact Seashell Blizzard's campaigns?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Microsoft Threat Intelligence 