Adversary Universe Podcast

CrowdStrike (www.crowdstrike.com)
Modern adversaries are relentless. Today’s threat actors target organizations around the world with sophisticated cyberattacks. Who are they? What are they after? And most importantly, how can you defend against them? Welcome to the Adversary Universe podcast, where CrowdStrike answers all of these questions — and more. Join our hosts, a pioneer in adversary intelligence and a specialist in cybersecurity technology, as they unmask the threat actors targeting your organization.

Episodes

Putting a Spotlight on Energy Sector Threats with Corelight's Greg Bell

Cyberattacks targeting critical infrastructure have made more headlines in recent years, sparking concern about how these systems are protected. Adversaries are taking aim at older technologies that are both essential to everyday life and difficult to secure. Our guest for this episode is Greg Bell, chief strategy officer at Corelight. Before he co-founded the network security firm, Greg spent most of his career working in the National Laboratory system, part of the U.S. Department of Energy. He...

Feb 06, 2025 | 34 min | Ep. 43

See You I-Soon: A Peek at China’s Offensive Cyber Operations

“It would not be an understatement to say that China is the number one national security concern that I think we have here in the West.” China’s offensive cyber activity has undergone a massive shift: What used to be simple smash-and-grab operations in the mid-2000s have evolved into sophisticated business models. We got a lens into this environment through a leak stemming from Chinese company I-Soon, whose data provided a narrow but revealing glimpse into the Chinese cyber contractor marketplac...

Jan 16, 2025 | 36 min | Ep. 42

The Most Prolific Adversaries and Threats of 2024

It has been another busy year for defenders and adversaries alike. As we wrap up 2024, Adam and Cristian reflect on the nation-state and eCrime threat activity that defined this year and what they expect as we head into 2025. Tune in to hear their observations on changing eCrime activity in Latin America, Chinese adversaries evolving their tactics and targeting telecommunications entities, the disruption of eCrime operations in the United States and more. And of course, you’ll hear the stories a...

Dec 19, 2024 | 33 min | Ep. 41

Cross-Domain Attacks: Know Them, Find Them, Stop Them

Adversaries have realized their time-honored attack methods involving clunky malware and malicious attachments are no longer working, largely due to endpoint detection and response tools alerting security teams to their activity. To improve their success rate, many are turning to cross-domain attacks. Cross-domain attacks span multiple domains within an organization’s environment; namely, identity, endpoint and cloud. An adversary most often starts with a set of stolen credentials, which allows ...

Dec 12, 2024 | 40 min | Ep. 40

LIMINAL PANDA and the Implications of Global Telco Targeting

On Nov. 19, 2024, Adam testified in front of the U.S. Senate Judiciary Subcommittee on Privacy, Technology, and the Law on Chinese cyber threats to critical infrastructure. This was the first time he publicly spoke about LIMINAL PANDA, a China-nexus state-sponsored threat actor that has been targeting telecommunications organizations since at least 2020. LIMINAL PANDA is a newly named adversary, but CrowdStrike has been tracking its activity for over three years. It uses custom tools and demonst...

Nov 27, 2024 | 40 min | Ep. 39

Exploring Offensive Security with CrowdStrike Red Teamers

If a business wants to know what an adversary might be capable of, they can seek the help of a red team. These cybersecurity professionals are tasked with emulating adversary activity to achieve specific objectives in their clients’ environments. Their goal is to find an organization’s weaknesses — before a real adversary does — so it can strengthen its security posture. But what does a red team actually do, and who are the people on these teams? In this episode, Cristian is joined by CrowdStrik...

Nov 07, 2024 | 48 min | Ep. 38

The Latest in China-Taiwan Cyber Tensions

China and Taiwan have a long history of geopolitical tension that has evolved from land and sea to cyberspace. Relations between the two recently took an interesting turn when the Chinese Ministry of State Security (MSS) claimed hacktivist entity Anonymous 64 targeted China and its territories with attempted disinformation and public communication disruption. The Chinese government further alleged the activity was directed by the Taiwanese government, whose officials are investigating the activi...

Oct 24, 2024 | 34 min | Ep. 37

How CrowdStrike Tracked INDRIK SPIDER from Origin to Takedown

On Oct. 1, 2024, an international law enforcement coalition announced the disruption of a senior member of INDRIK SPIDER, who was also an affiliate of the BITWISE SPIDER ransomware as a service operation. CrowdStrike often works with law enforcement to identify, track and stop cyber threats, and we played a key role in this operation. In this episode, Adam and Cristian are joined by a member of CrowdStrike’s intelligence collection team to dive into the takedown, the years of cybercrime evolutio...

Oct 10, 2024 | 54 min | Ep. 36

Small But Mighty: The Kernel’s Essential Role in Cybersecurity Defense

The kernel is the brain of the operating system. It controls everything that happens on a computer and has full access to the hardware and all system resources. Though it has a small code base, the kernel plays a critical role in how systems and applications operate, interact and stay secure. Due to the current architecture and design of Windows systems, cybersecurity products running in the platform — particularly those involved in endpoint protection — require kernel access to provide the high...

Oct 01, 2024 | 35 min | Ep. 35

Coming Soon to Las Vegas: Adversary Universe Previews #FalCon2024

Next week marks the start of Fal.Con 2024. CrowdStrike’s annual conference brings together cybersecurity leaders and practitioners, as well as our customers and partners, in Las Vegas for four days of keynotes, breakout sessions, workshops and demos. Adam and Cristian will both be speaking at this year’s show. In this episode, they share the talks they’re most excited about and how they tie into the broader threat landscape. Some sessions will dive into insights from the CrowdStrike Counter Adve...

Sep 12, 2024 | 14 min | Ep. 34

Intern Spotlight: Starting A Cyber Career with CrowdStrike

For students aspiring to work in cybersecurity, sitting in a classroom isn’t enough to gain the skills and experience they need to succeed. Industry internships are invaluable opportunities to learn how security pros operate in the real world and understand the responsibilities each role requires. CrowdStrike’s University Program welcomes interns across virtually every field to gain this real-world experience. This summer, David Feldman and Chandler McClellan interned for the CrowdStrike threat ...

Aug 29, 2024 | 37 min | Ep. 33

Hunting the Rogue Insiders Operating for FAMOUS CHOLLIMA

FAMOUS CHOLLIMA, a new adversary CrowdStrike is tracking, has recently made headlines for its insider threat activity. In April 2024, CrowdStrike Services responded to the first of several incidents in which FAMOUS CHOLLIMA threat actors targeted 30+ US-based companies. The insiders claimed to be US residents and were hired for remote IT positions, which granted them access they exploited to attempt data exfiltration, install malware and conduct other malicious activity. CrowdStrike has now info...

Aug 21, 2024 | 31 min | Ep. 32

Talking OT Security with Fernando Madureira, Global CISO of Cosan

Where in the world are Adam and Cristian? In this episode, they’re coming to you live from São Paulo, Brazil, where they sat down with a special guest: Fernando Madureira. Fernando is the Global CISO of Cosan, a Brazilian conglomerate of several businesses spanning energy, transportation and logistics, and other sectors that operates around the world. Given Cosan’s size and the nature of its business, Fernando has a broad range of threats at top of mind. Operational technology (OT) security is a...

Jul 11, 2024 | 21 min | Ep. 31

How Adversaries Respond to Law Enforcement Takedowns

What happens when there is a takedown of a major cybercriminal group or law enforcement activity has a major impact on its leadership? In this episode, Adam and Cristian unpack what happens in the aftermath of a takedown, including how some groups splinter, reemerge and even rebrand.

Jun 27, 2024 | 43 min | Ep. 30

When the Adversary Knows They’re Caught

How do adversaries react when they know they’re being tracked? How do they respond to organizations that are on to them — and how do they know what the defenders know? In this episode, Adam and Cristian explore how adversary behavior shifts as their activity is discovered and tracked. Today’s adversaries carefully research their victims. They read corporate blog posts and craft their techniques based on the information defenders share. As this intelligence becomes more detailed, organizations li...

Jun 13, 2024 | 35 min | Ep. 29

Unpacking China-India Cyber Tensions

What happens when two cyber superpowers — and the most populous countries in the world — target one another? Tensions between China and India have been rising in recent years, and it’s time we take a deep dive into the many factors at play. In this episode, Adam and Cristian examine the dynamics between the two nations, the drivers of their evolving cyber activity and the key adversaries involved in this growing conflict. “The key thing to understand here is adversaries are not only focused on u...

May 30, 2024 | 37 min | Ep. 28

Understanding Social Engineering with Shelly Giesbrecht, Director, Professional Services

Social engineering is not a new threat — adversaries have long used psychological manipulation to gain access, money, information and more. But as we learn in this episode from Shelly Giesbrecht, Director of Professional Services at CrowdStrike, it remains a top cybersecurity challenge for all organizations. Today’s social engineers are more convincing than ever. Gone are the days of clunky phishing emails rife with spelling errors. Modern social engineering attacks arrive as convincing and well...

May 23, 2024 | 43 min | Ep. 27

Hacktivism and the JACKALs Behind It

The rise of hacktivism — the use of hacking techniques to make a statement supporting a political or social cause — is often associated with the Occupy Wall Street movement and the Anonymous hacktivist collective. But the practice of hacking as a form of civil disobedience goes back to the 1990s. It has taken many forms in the years since, driven by a wide range of hacktivists around the world. In this episode, Adam and Cristian trace the history of hacktivism to its early days, dive into high-p...

May 09, 2024 | 37 min | Ep. 26

Building a Strong Threat Hunting Program with Andrew Munchbach

Organizations fear adversaries will attack. Threat hunters assume adversaries are already in the system — and their investigations seek unusual behavior that may indicate malicious activity is afoot. Andrew Munchbach, CrowdStrike’s Global VP, Field Engineering, joins Adam and Cristian in this week’s episode to explore what threat hunting is, how it works, and what makes a good threat hunting program. As CrowdStrike’s “Chief Reddit Officer”, Andrew also shares how he came to run CrowdStrike’s Red...

Apr 25, 2024 | 36 min | Ep. 25

Adversary Attribution: What It Means and How It Works

Today’s conversation explores a common question around adversary activity: Why does attribution matter? When a cyberattack hits, why go to the trouble of learning who is behind it? Each attempt at an intrusion can reveal a lot about an adversary — who they are, what they’re doing and what their motivations may be. This information can not only inform your response to an attack but how you strengthen your security architecture against future attacks. In this episode, Adam and Cristian discuss the...

Apr 11, 2024 | 50 min | Ep. 24

LIVE from Gov Threat Summit: A Chat with Morgan Adamski, Chief of the NSA’s Cybersecurity Collaboration Center

The National Security Agency’s Cybersecurity Collaboration Center (CCC) was created based on a growing need for the public and private sectors to work together and share insights to understand adversaries’ intentions, as well as the scope and scale of their activity. In this special episode of the Adversary Universe podcast, Adam and Cristian are joined by Morgan Adamski, Chief of the CCC and government security expert, onstage at CrowdStrike’s Gov Threat Summit in Washington, D.C. “We both had ...

Mar 28, 2024 | 26 min | Ep. 23

CrowdStrike CSO Shawn Henry on Election Security, Nation-State Threats and His FBI Career

CrowdStrike Chief Security Officer Shawn Henry joined CrowdStrike as employee number 19 after a 24-year career at the FBI, where he retired as the Bureau’s Executive Assistant Director. Today, he joins Adam and Cristian for a wide-ranging conversation exploring his early days at CrowdStrike and transition to the private sector, his perspective on the 2016 DNC breach and the risks modern elections face. Adversaries have numerous opportunities to sway voters’ opinions — and now they have the techn...

Mar 14, 2024 | 44 min | Ep. 22

A Human at the Keyboard: CrowdStrike Reports 60% Jump in Interactive Intrusions

The days of automated cyberattacks are dwindling: last year CrowdStrike saw a 60% jump in interactive intrusions, a type of attack in which a human is on the other side, working to break in and navigating their target environment as soon as they gain access. Most (75% of) attacks in 2023 didn’t involve malware at all — in nearly all cases, the adversary relied on identity-related techniques or exploited an unmanaged device. The threat landscape is constantly evolving as adversaries explore new t...

Feb 22, 2024 | 36 min | Ep. 21

The Dark Personality Traits Fueling Cybercrime

CrowdStrike has long said, “You don’t have a malware problem — you have an adversary problem.” Much like we analyze the malware and tools used in cyberattacks, we must also learn about the people who orchestrate them. Adam and Cristian are joined by Cameron Malin, a behavioral profiler who specializes in understanding adversaries and the “why” behind their activity. Cameron built the FBI’s Cyber Behavioral Analysis Unit, which works to understand the motivations for cybercrime across different t...

Feb 15, 2024 | 45 min | Ep. 20

Demystifying North Korea: Why the "Hermit Kingdom" Is a Cyber Threat to Watch

Though the inner workings of North Korea remain a mystery to much of the world, its global cyber activity has been tracked and analyzed for years. CrowdStrike’s Counter Adversary Operations team, which tracks five North Korean threat actors, has a unique perspective on the country’s evolution as a global cybersecurity threat and the many ways it has used cyber capabilities to achieve its goals. In this episode, Adam and Cristian trace the history of North Korean cyber operations from its early d...

Feb 01, 2024 | 39 min | Ep. 19

AI Through the Defender’s Lens: A Chat with CrowdStrike’s Global CTO

Cristian is joined by CrowdStrike Global CTO Elia Zaitsev to revisit the world of AI and large language models (LLMs), this time from the perspective of modern defenders. While this space has seen explosive growth in the past year, most organizations are still working to determine how LLM technology fits into their cybersecurity strategies. In this episode, Cristian and Elia unpack the rapid evolution of AI models — a trend the two consider both exciting and frightening — and examine how LLMs ar...

Jan 18, 2024 | 42 min | Ep. 18

Inside Russia’s Laboratory of Cyber Operations — and Beyond

In mid-December 2023, an adversary CrowdStrike tracks as VOODOO BEAR targeted Ukrainian telecom provider Kyivstar, wreaking havoc and disrupting thousands of systems and assets. The Russia-linked adversary has for years treated Ukraine as its “lab of offensive cyber operations”, testing attack techniques and demonstrating the destructive behavior it has become known for since it emerged in late 2010. In this episode, Adam and Cristian dive into the details of the recent Kyivstar attack and how i...

Jan 11, 2024 | 41 min | Ep. 17

Adversary Universe: 2023 Highlights

It has been a whirlwind year for the cybersecurity industry. In this episode of the Adversary Universe podcast, we revisit clips from standout episodes of 2023. Tune in to catch pieces of our conversations on the evolution of cloud-focused cyberattacks, the rise of cyber activity from Iran and China, the process of discovering and mitigating vulnerabilities, the role of AI in the cyber threat landscape and more. For those who want to listen to the full episodes related to each of these clips, th...

Dec 28, 2023 | 29 min | Ep. 16

Inside the “Alphabet Soup” of Incident Reporting Regulations

Organizations around the world must navigate a growing number of cyber incident reporting regulations mandated by government bodies. In the U.S., these regulations come from agencies including the Securities and Exchange Commission (SEC), Federal Trade Commission (FTC), Cybersecurity and Infrastructure Security Agency (CISA) and others. This “alphabet soup” of regulations, as Cristian puts it, can be tough for businesses to understand and follow — especially as the threat landscape evolves and c...

Dec 14, 2023 | 56 min | Ep. 15

Data Extortion Dethrones Ransomware as the Threat to Watch

Today’s adversaries are working smarter, not harder — and it’s clear in the way their tactics are evolving. In this episode, Adam and Cristian explore the way adversaries are shifting their focus to data extortion. Instead of deploying noisy ransomware, more threat actors are quietly stealing data and threatening to publicly leak it if they’re not paid. Tune in to learn what’s driving this change, why data extortion is successful and what it means for organizations of all sizes and industries. G...

Nov 30, 2023 | 25 min | Ep. 14