Octo Tempest Threat Actor Profile

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft threat research experts to talk about the activities of a threat actor known as Octo Tempest (which overlaps with research associated with 0ktapus, Scattered Spider, and UNC3944) and the blog released by Microsoft threat intelligence and Microsoft incident response groups. The discussion covers various tactics, techniques, and procedures Octo Tempest employs, such as SIM swapping, SMS phishing, and living off the land rather than using traditional malware. Octo Tempest is portrayed as a highly bespoke and hands-on threat actor, often engaged in "keyboard-to-keyboard combat" and showing extreme persistence even after being detected.      In this episode you’ll learn:       Techniques used to modify email rules and evade defensive tools  The contrast between tailored attacks and automated targeted threat actors   Why organizations should separate high-privileged accounts from normal user accounts     Some questions we ask:      Is there an end game for OctoTempest, and is it always ransomware?  What is the importance of assuming the first-factor password is already compromised?  How can organizations test controls and alerting for their security posture?    Resources:   View Sherrod DeGrippo on LinkedIn   https://aka.ms/octo-tempest      Related Microsoft Podcasts:   Afternoon Cyber Tea with Ann Johnson   The BlueHat Podcast   Uncovering Hidden Risks    Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider   The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.