Adversary Universe Podcast

CrowdStrike research into AI coding assistants reveals a new, subtle vulnerability surface: When DeepSeek-R1 receives prompts the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it producing code with severe security flaws increases by up to 50%.

Stefan Stein, manager of the CrowdStrike Counter Adversary Operations Data Science team, joined Adam and Cristian for a live recording at Fal.Con 20...

Europe is a prime target for global adversaries. There is a strong emphasis on eCrime across the region as well as a rise in hacktivism and espionage stemming from ongoing conflicts. The CrowdStrike 2025 European Threat Landscape Report breaks down these trends. In this episode, Adam and Cristian cover the highlights. They start with cybercrime, a major theme of the report. The five most targeted European nations were the U.K., G...

In the Asia Pacific and Japan (APJ) region, a burgeoning set of threat actors is emerging with a different language set, distinct tools, and an ecosystem where they interact with adversaries across the threat landscape. The CrowdStrike 2025 APJ eCrime Landscape Report explores the trends and issues facing organizations operating in this part of the world. For example, criminal groups in APJ are focused on opportunistic big game hu...

Ransomware is not new, but the ransomware of today is very different from the ransomware of 1989. Today’s episode doubles as a history lesson, as Adam and Cristian look back at how a prolific global threat has evolved over the decades.

Gone are the days of malware arriving on floppy disks and victims waiting weeks to restore their systems in exchange for $200 ransom payments. “The early days of viruses were weird,” Adam points ou...

This week’s episode arrives as Adam and Cristian are gearing up for Fal.Con, CrowdStrike’s annual event taking place next week in Las Vegas. They’ll be recording a live episode on some fascinating LLM research presented at the show, so stay tuned for that in a couple of weeks. Amid their prep, they took the time to sit down for a conversation starting with a simple prompt: What are today’s security leaders and practitioners talkin...

This year at Black Hat, the topic of AI was everywhere — from hallway chats to the expo floor. Adam and Cristian took a break from the action for a rare in-person conversation about how adversaries are weaponizing AI, how defenders are using agentic AI, and what we should all be thinking about as AI evolves as an offensive and defensive tool. The AI threat is real, and advanced adversaries in particular are using it to their advan...

In the first half of 2025 alone, cloud intrusions were up 136% compared to all of 2024. China was a big driver — CrowdStrike saw a 40% year-over-year surge in intrusions from suspected cloud-conscious China-nexus threat actors. In the government sector, interactive intrusions increased 71%, and targeted intrusion activity jumped 185%.

The CrowdStrike OverWatch threat hunting team has a firsthand look at how adversaries are changi...

They never really left — they just got quieter, faster, and bolder. In this episode of the Adversary Universe podcast, Adam and Cristian trace the resurgence of SCATTERED SPIDER, one of today’s most aggressive and sophisticated adversary groups.

Once known for SIM swapping and gaming community exploits, SCATTERED SPIDER has evolved into a high-speed, high-impact ransomware crew targeting the retail, insurance, and aviation sectors....

You asked, and we answered. This episode of the Adversary Universe podcast takes a deep dive into questions from our listeners.

What did you want to know? Well, a lot about adversaries, but also about career paths and the threat intel space. Tune in to hear the answers to questions like:

•        How did you break into the threat intelligence space? •        Who is the first adversary CrowdStrike tracked?  •        Who is an advers...

Physical security and IT security have gone hand in hand for a long time. While cybersecurity teams are rightfully focused on protecting their virtual environments, they should also have an eye on whether an adversary is walking through the front door.

“Anytime there’s a physical boundary, an adversary is going to look to cross over that — whether it be in person or using some technology to get over that boundary,” Adam says in t...

Would you rather have an adversary profile you based on your AI chat history or tell your AI chatbot to forget everything it knows about you?

That’s one of many questions Adam and Cristian explore in this episode on how adversaries are integrating AI into cyberattacks. These days, it seems AI is everywhere — and that includes the adversary’s toolbox. Adam and Cristian describe multiple forms of malware that use AI in different ways...

Today’s adversaries are increasingly operating in the cloud — and Sebastian Walla, Deputy Manager of Emerging Threats at CrowdStrike, is watching them. In this episode, he joins Adam and Cristian to dive into the latest cloud attack techniques and the adversaries behind them.

So, who are they? SCATTERED SPIDER and LABYRINTH CHOLLIMA are two of the threat actors targeting and navigating cloud environments, but they have distinct met...

Latin America has become a hotspot for cyber activity. Threat actors around the world, particularly eCriminals, are targeting organizations operating in Central and South America, Mexico, and the Caribbean. Latin America-based cybercriminals are emerging as well.

The CrowdStrike 2025 Latin America Threat Landscape Report provides key insights into this activity. In its pages, the CrowdStrike Counter Adversary Operations team deta...

Ransomware has become more difficult for organizations to defend against, but easier for adversaries to deploy. The rise of ransomware-as-a-service (RaaS) — a model in which ransomware operators write the malware and affiliates pay to launch it — has lowered the barrier to entry so threat actors of all skill levels can participate and profit.

OCULAR SPIDER is one such operator. This adversary, newly named by CrowdStrike, is assoc...

To anticipate threat actors’ behavior, we must understand them. That’s why CrowdStrike closely tracks the evolution and activity of 257 named adversaries, including the eCrime actor LUNAR SPIDER. “They almost behave like a startup; they’re constantly testing and innovating and developing what they’re doing,” Adam says of the group. “It’s an interesting paradigm when you think about how these eCrime actors operate.” In this episod...

When an adversary wants to target an organization, they want to make it look like they’re coming from a regional or local internet service provider. This makes their activity seem more legitimate and buys time until they get caught. Proxies, which adversaries can use to conceal the origin of malicious traffic, are essential to this process.

NSOCKS is a residential proxy provider that CrowdStrike researchers dug into to learn more...

China’s cyber enterprise is rapidly growing: China-nexus activity was up 150% across industries in 2024, with a 200-300% surge in key sectors such as financial services, media, manufacturing, and industrials/engineering. CrowdStrike identified seven new China-nexus adversaries in 2024.

“After decades investing in offensive cyber capabilities, China has achieved parity with some of the top players out there, and I think that is the ...

DeepSeek took the internet by storm earlier this year, making headlines and sparking conversations about its development, use, and associated risks. Today, Adam and Cristian take a deep dive into the new AI model.

At a time when new AI models are constantly emerging, the launch of DeepSeek has led to questions and concerns around AI model security, data security, and national security. What is DeepSeek, and how was it trained? What...

Cyberattacks targeting critical infrastructure have made more headlines in recent years, sparking concern about how these systems are protected. Adversaries are taking aim at older technologies that are both essential to everyday life and difficult to secure.

Our guest for this episode is Greg Bell, chief strategy officer at Corelight. Before he co-founded the network security firm, Greg spent most of his career working in the Nati...