Vanilla Tempest: The Threat Actor Behind Recent Hospital Ransomware Attacks
Description
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna and Keivan to discuss two prominent threat actors: Vanilla Tempest and Peach Sandstorm.
Vanilla Tempest, a financially motivated cybercrime group, has been involved in recent ransomware attacks on U.S. hospitals, utilizing various ransomware payloads such as Ink. They are known for using tools like PowerShell scripts and Goot Loader to exfiltrate data and extort victims. Peach Sandstorm, an Iranian nation-state threat actor, focuses on cyber espionage and intelligence collection. They have targeted various sectors, including energy, defense, and critical infrastructure, and have shown increasing sophistication in their attacks. Later, Sherrod speaks with Colton Bremer, a senior security researcher at Microsoft, about his work on the Defender Experts (DEX) team. Colton explains the different tiers of DEX services, which focus on detecting and mitigating advanced threats that may bypass traditional security measures.
In this episode you’ll learn:
- A backdoor called Tickler that uses Azure infrastructure for command and control
- The significance of these groups' tactics and maintaining ransomware resiliency
- The different tiers of DEX services detecting and mitigating advanced threats
Some questions we ask:
- How does Vanilla Tempest typically execute their attacks?
- Has Peach Sandstorm evolved over time in their cyber espionage efforts?
- What can individuals or organizations do to mitigate cloud identity abuse?
Resources:
View Colton Bremer on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
United States
