Adversary Universe Podcast

To anticipate threat actors’ behavior, we must understand them. That’s why CrowdStrike closely tracks the evolution and activity of 257 named adversaries, including the eCrime actor LUNAR SPIDER. “They almost behave like a startup; they’re constantly testing and innovating and developing what they’re doing,” Adam says of the group. “It’s an interesting paradigm when you think about how these eCrime actors operate.” In this episod...

When an adversary wants to target an organization, they want to make it look like they’re coming from a regional or local internet service provider. This makes their activity seem more legitimate and buys time until they get caught. Proxies, which adversaries can use to conceal the origin of malicious traffic, are essential to this process.

NSOCKS is a residential proxy provider that CrowdStrike researchers dug into to learn more...

China’s cyber enterprise is rapidly growing: China-nexus activity was up 150% across industries in 2024, with a 200-300% surge in key sectors such as financial services, media, manufacturing, and industrials/engineering. CrowdStrike identified seven new China-nexus adversaries in 2024.

“After decades investing in offensive cyber capabilities, China has achieved parity with some of the top players out there, and I think that is the ...

DeepSeek took the internet by storm earlier this year, making headlines and sparking conversations about its development, use, and associated risks. Today, Adam and Cristian take a deep dive into the new AI model.

At a time when new AI models are constantly emerging, the launch of DeepSeek has led to questions and concerns around AI model security, data security, and national security. What is DeepSeek, and how was it trained? What...

Cyberattacks targeting critical infrastructure have made more headlines in recent years, sparking concern about how these systems are protected. Adversaries are taking aim at older technologies that are both essential to everyday life and difficult to secure.

Our guest for this episode is Greg Bell, chief strategy officer at Corelight. Before he co-founded the network security firm, Greg spent most of his career working in the Nati...

“It would not be an understatement to say that China is the number one national security concern that I think we have here in the West.”

China’s offensive cyber activity has undergone a massive shift: What used to be simple smash-and-grab operations in the mid-2000s have evolved into sophisticated business models. We got a lens into this environment through a leak stemming from Chinese company I-Soon, whose data provided a narrow b...

It has been another busy year for defenders and adversaries alike. As we wrap up 2024, Adam and Cristian reflect on the nation-state and eCrime threat activity that defined this year and what they expect as we head into 2025. Tune in to hear their observations on changing eCrime activity in Latin America, Chinese adversaries evolving their tactics and targeting telecommunications entities, the disruption of eCrime operations in th...

Adversaries have realized their time-honored attack methods involving clunky malware and malicious attachments are no longer working, largely due to endpoint detection and response tools alerting security teams to their activity. To improve their success rate, many are turning to cross-domain attacks.

Cross-domain attacks span multiple domains within an organization’s environment; namely, identity, endpoint and cloud. An adversary ...

On Nov. 19, 2024, Adam testified in front of the U.S. Senate Judiciary Subcommittee on Privacy, Technology, and the Law on Chinese cyber threats to critical infrastructure. This was the first time he publicly spoke about LIMINAL PANDA, a China-nexus state-sponsored threat actor that has been targeting telecommunications organizations since at least 2020.

LIMINAL PANDA is a newly named adversary, but CrowdStrike has been tracking it...

If a business wants to know what an adversary might be capable of, they can seek the help of a red team. These cybersecurity professionals are tasked with emulating adversary activity to achieve specific objectives in their clients’ environments. Their goal is to find an organization’s weaknesses — before a real adversary does — so it can strengthen its security posture. But what does a red team actually do, and who are the people ...

China and Taiwan have a long history of geopolitical tension that has evolved from land and sea to cyberspace. Relations between the two recently took an interesting turn when the Chinese Ministry of State Security (MSS) claimed hacktivist entity Anonymous 64 targeted China and its territories with attempted disinformation and public communication disruption. The Chinese government further alleged the activity was directed by the T...

On Oct. 1, 2024, an international law enforcement coalition announced the disruption of a senior member of INDRIK SPIDER, who was also an affiliate of the BITWISE SPIDER ransomware as a service operation. CrowdStrike often works with law enforcement to identify, track and stop cyber threats, and we played a key role in this operation.

In this episode, Adam and Cristian are joined by a member of CrowdStrike’s intelligence collection...

The kernel is the brain of the operating system. It controls everything that happens on a computer and has full access to the hardware and all system resources. Though it has a small code base, the kernel plays a critical role in how systems and applications operate, interact and stay secure.

Due to the current architecture and design of Windows systems, cybersecurity products running in the platform — particularly those involved i...

Next week marks the start of Fal.Con 2024. CrowdStrike’s annual conference brings together cybersecurity leaders and practitioners, as well as our customers and partners, in Las Vegas for four days of keynotes, breakout sessions, workshops and demos.

Adam and Cristian will both be speaking at this year’s show. In this episode, they share the talks they’re most excited about and how they tie into the broader threat landscape. Some s...

For students aspiring to work in cybersecurity, sitting in a classroom isn’t enough to gain the skills and experience they need to succeed. Industry internships are invaluable opportunities to learn how security pros operate in the real world and understand the responsibilities each role requires.

CrowdStrike’s University Program welcomes interns across virtually every field to gain this real-world experience. This summer, David Fe...

FAMOUS CHOLLIMA, a new adversary CrowdStrike is tracking, has recently made headlines for its insider threat activity. In April 2024, CrowdStrike Services responded to the first of several incidents in which FAMOUS CHOLLIMA threat actors targeted 30+ US-based companies. The insiders claimed to be US residents and were hired for remote IT positions, which granted them access they exploited to attempt data exfiltration, install malwa...

Where in the world are Adam and Cristian? In this episode, they’re coming to you live from São Paulo, Brazil, where they sat down with a special guest: Fernando Madureira. Fernando is the Global CISO of Cosan, a Brazilian conglomerate of several businesses spanning energy, transportation and logistics, and other sectors that operates around the world.

Given Cosan’s size and the nature of its business, Fernando has a broad range of ...

How do adversaries react when they know they’re being tracked? How do they respond to organizations that are on to them — and how do they know what the defenders know?

In this episode, Adam and Cristian explore how adversary behavior shifts as their activity is discovered and tracked. Today’s adversaries carefully research their victims. They read corporate blog posts and craft their techniques based on the information defenders sh...