CyberWire Daily

Muddled Libra: From Spraying to Preying in 2025 [Threat Vector]

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.61K Ratings

🗓️ 26 July 2025

⏱️ 34 minutes

Summary

Please enjoy this Special Edition episode of the Threat Vector podcast with an update on our previous Muddled Libra coverage.

Muddled Libra is back and more dangerous than ever. In this episode of Threat Vector, David Moulton speaks with Sam Rubin and Kristopher Russo from Unit 42 about the resurgence of the threat group also known as Scattered Spider. They break down the group’s shift to destructive extortion, modular attack teams, and cloud-first tactics. Discover why traditional defenses fail, how attackers now exploit trusted tools, and what forward-leaning security leaders are doing to stay ahead. With real-world case studies, strategic advice, and insights from the front lines, this episode helps defenders understand today’s threat landscape and what’s coming next.

Join the conversation on our social media channels:
Website: https://www.paloaltonetworks.com/
Threat Research: https://unit42.paloaltonetworks.com/
Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/
LinkedIn: https://www.linkedin.com/company/unit42/
YouTube: @paloaltonetworks
Twitter: https://twitter.com/PaloAltoNtwks

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.
http://paloaltonetworks.com

Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

0:00.0

You're listening to the CyberWire Network, powered by N2K.

0:09.7

Welcome to Threat Vector, the Palo Alto Networks podcast, where we discuss pressing cybersecurity threats and resilience and uncover insights in the latest industry

0:21.7

trends. I'm your host, David Moulton, Senior Director of Thought Leadership for Unit 42, and today I'm back

0:28.3

with two returning guests on the podcast. Sam Rubin is the head of Unit 42 with over 20 years of

0:34.0

experience. Sam has built and led world-class cybersecurity teams at the

0:38.0

Crypsis Group and Stroz Friedberg. He now oversees the global consulting and threat

0:42.6

intelligence teams at Unit 42. Kristopher Russo, principal threat researcher at Unit 42,

0:49.1

was one of the first guests appearing all the way back on episode two, where we discussed

0:53.2

early findings on the

0:54.6

cybercrime group known as Muddled Libra.

0:57.4

Since then, Kristopher has continued tracking this evolving threat actor and published deep

1:01.6

technical insights that helped defenders counter sophisticated attacks.

1:17.0

Today, we're going to talk about Muddled Libra's resurgence in 2025, their use of destructive extortion, evolution into cloud-first attacks, and the steps organizations can take to stay

1:21.8

ahead of this fast-moving adversary.

1:25.4

Chris, it's great to have you back on the show.

1:27.6

You were one of our first guests back on episode two, and you helped introduce many

1:32.0

listeners to Muddled Libra for the first time.

1:34.5

How has your perspective on this group evolved since then?

1:38.3

So this is an incredibly interesting group, because what we've seen is a shift from being

1:43.9

one primary focus,

1:46.4

less than two dozen attackers, really going after the supply chain crypto-oriented attack.

1:54.3

We've seen it split into different teams, and these teams are structured kind of like what you would expect to see in the

...

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
