Open SesameOp: Abusing trusted AI platforms to host a C2 server

To kick off Season 3 of Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Jonathan Checchi.   Our guests examine two developments shaping today’s threat landscape: the cloud-native evolution of ransomware group Storm-0501 and the SesameOp backdoor’s abuse of trusted AI platforms for stealthy command-and-control. The discussion highlights how identity, hybrid-cloud pivot points, and federated authentication enable high-impact attacks without traditional malware, and why policy-compliant platform abuse is becoming harder to detect.   Sherrod, Anna, and Jonathan provide guidance for defenders around enforcing MFA, tightening conditional access and identity controls, monitoring across cloud and on-prem environments, and partnering with platform providers to disrupt emerging attacker tradecraft.  In this episode you’ll learn:       What happens when threat actors gain control of highly privileged identities  Why monitoring identity behavior is as critical as monitoring endpoints  How attacker tactics are adapting to environments that blend cloud and on-prem systems   Some questions we ask:      What does recent threat activity tell us about where the landscape is headed?  How is Storm-0501 using federated authentication in their operations?  What should security teams focus on as AI becomes more integrated into systems?  Resources:   View Anna Seitz on LinkedIn   View Sherrod DeGrippo on LinkedIn    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.