
Adversary Universe Podcast has been publishing since 2023, and across the 3 years since has built a catalogue of 76 episodes, alongside 1 trailer or bonus episode. That works out to roughly 45 hours of audio in total. Releases follow a fortnightly cadence.
Episodes typically run twenty to thirty-five minutes — most land between 27 min and 40 min — though episode length varies meaningfully from one episode to the next. None of the episodes are flagged explicit by the publisher. It is catalogued as an EN-language Technology show.
The show is actively publishing — the most recent episode landed 6 days ago, with 11 episodes already out so far this year. Published by CrowdStrike.
From the publisher
Modern adversaries are relentless. Today’s threat actors target organizations around the world with sophisticated cyberattacks. Who are they? What are they after? And most importantly, how can you defend against them? Welcome to the Adversary Universe podcast, where CrowdStrike answers all of these questions — and more. Join our hosts, a pioneer in adversary intelligence and a specialist in cybersecurity technology, as they unmask the threat actors targeting your organization.
Latest Episodes
Examining the Glassworm Takeover with Tillmann "Bot Slayer" Werner
China Targets Technology to Steal AI Capabilities It Can’t Build
Adversaries Follow the Money: The CrowdStrike 2026 Financial Services Threat Landscape Report
The Partnerships Taking on AI Security: Daniel Bernard, CrowdStrike Chief Business Officer
The "Vuln-pocalypse" Looms: Are We Cooked?
Ep 70: Hunting Supply Chain Attacks with Jared Myers, Director, CrowdStrike OverWatch
Supply chain attacks targeting AI have recently been making headlines — and keeping the CrowdStrike OverWatch team busy. Jared Myers, director of CrowdStrike OverWatch, joins Adam in this episode to discuss his team’s approach to detecting and responding to these attacks. When a supply chain attack uses a zero-day vulnerability to breach a target, it’s often the CVE that grabs attention. But the zero-day isn’t what CrowdStrike OverWatch is after, Jared says. It’s the follow-on tradecraft once the adversary is inside. He takes listeners behind the scenes of the team’s response to recent supply chain attacks, including the MOVEit attack of 2023 and the Axios supply chain incident of March 2026, to share the technical details of how the team learns and acts on information as attacks are unfolding. Identity is an essential component in supply chain attacks, Jared explains. Once an adversary is in, they’re looking for a user account to help them move laterally. He shares advice with listeners and key takeaways from the team’s identity threat hunting. CrowdStrike OverWatch is a 24/7/365 operation, with experts working around the clock across time zones with visibility into trillions of events per day. By the time an attack makes headlines, CrowdStrike OverWatch may have known about it for months. “We don’t ever stop looking; we don’t ever stop hunting,” says Jared.
Notes:
• Blog: STARDUST CHOLLIMA Likely Compromises Axios npm Package [https://www.crowdstrike.com/en-us/blog/stardust-chollima-likely-compromises-axios-npm-package/]
• Blog: From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise [https://www.crowdstrike.com/en-us/blog/from-scanner-to-stealer-inside-the-trivy-action-supply-chain-compromise/]
Ep 69: Breaking Down the New National Cybersecurity Strategy
The Trump administration has released a national cybersecurity strategy that commits to strengthening defenses through six core pillars: employing more offensive cyber operations, streamlining regulations, modernizing and protecting federal networks, securing critical infrastructure, leading in new technologies, and developing talent. In this episode, Rob Sheldon, Sr. Director of Public Policy and Strategy at CrowdStrike, joins Adam and Cristian for a deep dive into three of the pillars that are top of mind for them: offensive cyber operations, updating federal systems, and protecting critical infrastructure. They discuss why these are difficult problems to solve and key considerations for how to approach them, including relevant threat activity and the involvement of the private sector. Though they could have talked about this for hours, this is a busy team! Check out the full cybersecurity strategy text for more details. [https://www.whitehouse.gov/wp-content/uploads/2026/03/President-Trumps-Cyber-Strategy-for-America.pdf] Interested in government cybersecurity? Register here for Fal.Con Gov 2026, taking place March 18 in Washington, D.C. [https://www.crowdstrike.com/en-us/events/fal-con/gov/register/]
Ep 68: Speed, Stealth, and AI: The CrowdStrike 2026 Global Threat Report
It’s that time of year: The CrowdStrike 2026 Global Threat Report is live, and Adam and Cristian are here to break down the key findings. This year’s report spotlights adversaries’ heightened speed, their evolving use of AI, an increase in activity from China and North Korea, and the growth of supply chain attacks, zero-day exploitation, and cloud targeting. For new listeners, the annual Global Threat Report delivers an analysis of the modern threat landscape based on CrowdStrike's frontline observations and real-world threat intelligence from the previous year. 2026 was the year of the evasive adversary. As defenses get stronger, adversaries are focused on refining their techniques to target security blind spots and bypass detection. AI is helping them accelerate and find creative ways around defenses for hands-on-keyboard operations. In 2025, AI-enabled adversaries increased attacks by 89% year-over-year. The trend is poised to continue: “I don’t think AI is going to create the malware — I think AI is going to be the malware,” Adam said. But AI isn’t the only factor shaping the modern threat landscape. Below are a few key stats from the report:
• The average eCrime breakout time fell to 29 minutes — a 65% increase in speed from 2024. The fastest breakout we observed occurred in just 27 seconds.
• 82% of detections were malware-free, continuing a steady trend in recent years.
• North Korea-nexus incidents jumped 130%, and FAMOUS CHOLLIMA's activity doubled compared to 2024.
• We observed a 42% increase in vulnerabilities exploited prior to public disclosure and a 37% rise in cloud-conscious intrusions.
Tune in to learn about these findings and more from the CrowdStrike 2026 Global Threat Report.
Ep 67: Interview with a Threat Hunter: Brody Nisbet, Sr. Director of CrowdStrike OverWatch
Threat hunting is hard to define, but Brody Nisbet, Sr. Director of CrowdStrike OverWatch, breaks down the basics in an episode that starts with the CrowdStrike OverWatch mission and dives into his stories from the front lines of threat hunting. This team detects adversaries in customer environments before they can achieve their nefarious goals. “Our mission is to outcompete your adversary,” Brody says. His team notifies customers of adversary activity and provides them with the actionable intelligence required to protect themselves. A staggering amount of data goes into the CrowdStrike OverWatch team's process: 5.7 trillion events per day (65 million events per second). The team triages this data and “sorts the wheat from the chaff” to figure out what’s most important for each business. As you might imagine, this work leads to some fascinating findings and stories. Tune in to hear Adam, Cristian, and Brody chat about encounters with FAMOUS CHOLLIMA and OPERATOR PANDA — and a cold case centered around malware dubbed Fluffy Cannoli.
Ep 66: LABYRINTH CHOLLIMA Evolves into Three Adversaries
LABYRINTH CHOLLIMA, which is among the most prolific DPRK-nexus adversaries that CrowdStrike tracks, has evolved into three separate threat actors: GOLDEN CHOLLIMA, PRESSURE CHOLLIMA, and LABYRINTH CHOLLIMA. Each adversary has specialized goals and tradecraft. While LABYRINTH CHOLLIMA continues to prioritize espionage and targets specific industries, GOLDEN CHOLLIMA and PRESSURE CHOLLIMA focus on cryptocurrency entities and stand out for the scale and scope of their operations. In this episode, Adam and Cristian explain when it became clear that one adversary had evolved into three and discuss how they differ — and, interestingly, what they still have in common. Despite operating independently, the three adversaries still share tools and infrastructure, a sign of coordination within the DPRK cyber ecosystem. To put this development into context, the hosts take us back to the early days of North Korea's cyber activity and trace the progression of the many nation-state threat actors operating on its behalf. Tune in to learn about a significant update for a prolific nation-state adversary.
Learn more about:
• The LABYRINTH CHOLLIMA evolution in our new blog post
• Fal.Con Gov 2026
• CrowdTour 2026
Ep 65: Taking Down Cybercriminals with Shawn Henry, Former FBI Leader
How do you take down a cybercriminal? Last month, we explored that question through the lens of Operation Endgame. Today, we ask Shawn Henry, former Executive Assistant Director of the FBI and current Executive Advisor to the Founder and CEO of CrowdStrike. In some ways, it’s similar to taking down criminals in the physical world. But the speed and scale of cybercrime operations exacerbate the challenge of stopping them. While infrastructure can be dismantled, the impact is now short-lived as adversaries pivot to other setups. While law enforcement considers how to replicate successful operations, cybercriminals are thinking about how they can adapt and stay ahead. For those pursuing adversaries, speed and scale are difficult to achieve. As Shawn explains, successful takedowns require collaboration among dozens of groups; among them law enforcement agencies, international partners, intelligence analysts, reverse engineers, prosecutors, and private sector organizations that have visibility into adversary infrastructure. “A takedown isn’t a single door-kick moment. It’s a monthslong choreography of legal process and infrastructure mapping and partner synchronization,” he says. Are there ways to accelerate the process? He has a few ideas. Tune in as Shawn joins Adam and Cristian to share a behind-the-scenes take on stopping cybercrime. Learn the key challenges law enforcement faces, how a takedown comes together, why arrests alone aren’t enough to stop adversaries, and where there is still an opportunity to have real impact.
Ep 64: 2025 Wrapped: Updates on This Year’s Hottest Topics
This was a busy year for the Adversary Universe podcast. We covered the emergence of new adversaries, the weaponization of AI, critical CrowdStrike research, and how cyberattacks look in different regions of the world. To recap 2025, we’re revisiting the topics that resonated most with our listeners to share year-end updates. Adam and Cristian cover the I-Soon data leaks, evolution of China as a nation-state threat, re-emergence of SCATTERED SPIDER, and the latest in ransomware-as-a-service. Tune in to learn the factors that may shape Chinese cyber operations in 2026 and why SCATTERED SPIDER activity looks different now compared to its summer of cybercrime. As a bonus, Adam shares some of the latest eCrime stats his team is seeing as we close out 2025 and explains why he believes we’ll see “an explosion of zero-days” in the months ahead. The adversary never slows down — and neither do we. We look forward to bringing you more information on the newest cyber threats in 2026.
For more information:
• I-Soon episode: See You I-Soon: A Peek at China’s Offensive Cyber Operations
• Blog post: Unveiling WARP PANDA, a New Sophisticated China-Nexus Adversary
• Blog post: CrowdStrike Services Observes SCATTERED SPIDER Escalate Attacks Across Industries
Ep 63: Is This Endgame? How Takedowns Are Reshaping eCrime
In November 2025, a major public-private sector collaboration took down three significant malware networks. Operation Endgame involved law enforcement agencies from six EU countries, Australia, Canada, the U.K., and the U.S., along with Europol and 30 private sector partners, including CrowdStrike. The dismantled infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials. Operation Endgame was a critical disruption of adversary operations — but it wasn’t the first. Law enforcement has for years sought to take down adversary infrastructure and often partners with private sector organizations like CrowdStrike to inform their operations. By disrupting the tools and processes threat actors rely on, these takedowns raise the cost for adversaries and make it harder for them to operate. As Adam and Cristian discuss in this episode, takedowns require careful planning and constant innovation. Adversaries are always finding new techniques and tools, and law enforcement must do the same. While disruption may slow them down, threat actors are often quick to pivot and find new ways to achieve their goals. In this episode, we examine how law enforcement takedowns disrupt adversary operations, how adversaries respond, where the private sector provides support, and what this all means for organizations facing modern threats.
Ep 62: Defrosting Cybersecurity’s Cold Cases with CrowdStrike’s Tillmann Werner
Not all cybercrimes are resolved. Some threat groups disappear completely, and some malware is never seen again. But sometimes, a long-dormant case is cracked open and elusive answers are found. Tillmann Werner, VP of Intelligence Production at CrowdStrike, has been a member of the CrowdStrike Intelligence team since 2012 and has analyzed many of these cold cases. In this episode, he joins Adam to chat about unresolved cyberattacks, the adversaries behind them, and cases that remained inactive for years before new technology or data allowed experts to close them. While it’s frustrating to close a file without success, Tillmann says, the evolution of technology and proliferation of data often help solve old cases that have collected dust. Tune in to hear Adam and Tillmann look back at decades-old eCrime and nation-state campaigns, some of which now have answers — and others that remain a mystery.
Ep 61: Prompted to Fail: The Security Risks Lurking in DeepSeek-Generated Code
CrowdStrike research into AI coding assistants reveals a new, subtle vulnerability surface: When DeepSeek-R1 receives prompts the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it producing code with severe security flaws increases by up to 50%. Stefan Stein, manager of the CrowdStrike Counter Adversary Operations Data Science team, joined Adam and Cristian for a live recording at Fal.Con 2025 to discuss how this project got started, the methodology behind the team’s research, and the significance of their findings. The research began with a simple question: What are the security risks of using DeepSeek-R1 as a coding assistant? AI coding assistants are commonly used and often have access to sensitive information. Any systemic issue can have a major and far-reaching impact. It concluded with the discovery that the presence of certain trigger words — such as mentions of Falun Gong, Uyghurs, or Tibet — in DeepSeek-R1 prompts can have severe effects on the quality and security of the code it produces. Unlike most large language model (LLM) security research focused on jailbreaks or prompt injections, this work exposes subtle biases that can lead to real-world vulnerabilities in production systems. Tune in for a fascinating deep dive into how Stefan and his team explored the biases in DeepSeek-R1, the implications of this research, and what this means for organizations adopting AI.
Ep 60: Extortion Rises and Nation-State Activity Intensifies: The CrowdStrike 2025 European Threat Landscape Report
Europe is a prime target for global adversaries. There is a strong emphasis on eCrime across the region as well as a rise in hacktivism and espionage stemming from ongoing conflicts. The CrowdStrike 2025 European Threat Landscape Report breaks down these trends. In this episode, Adam and Cristian cover the highlights. They start with cybercrime, a major theme of the report. The five most targeted European nations were the U.K., Germany, Italy, France, and Spain, which also represent the region’s largest economies (excluding Russia). The most targeted sectors were manufacturing, professional services, technology, industrials and engineering, and retail. Adam explains how eCrime threat actors are looking for victims with a high need to stay operational. “With manufacturing, if they’re knocked offline because of ransomware, they can count the downtime in dollars and cents,” he shares as an example. On the nation-state front, Russia is top of mind. Since its invasion of Ukraine in 2022, many Russian threat actors who operated globally are more focused on Ukraine and areas related to the conflict. Adam and Cristian discuss reports of North Korean threat actors supporting the Russians with weapons and personnel, North Korea targeting Ukraine, and the tactics and techniques that stand out most. The European threat landscape is crowded and complex. Tune in to understand the key findings, and download the full report for more details.
Download the report: https://www.crowdstrike.com/en-us/resources/reports/2025-european-threat-landscape-report/
Ep 59: Thriving Marketplaces and Regional Threats: The CrowdStrike 2025 APJ eCrime Landscape Report
In the Asia Pacific and Japan (APJ) region, a burgeoning set of threat actors is emerging with a different language set, distinct tools, and an ecosystem where they interact with adversaries across the threat landscape. The CrowdStrike 2025 APJ eCrime Landscape Report explores the trends and issues facing organizations operating in this part of the world. For example, criminal groups in APJ are focused on opportunistic big game hunting and primarily target organizations in manufacturing, technology, industrials and engineering, financial services, and professional services. The sale of phishing kits is popular, with some going for up to $1 million. These threat actors prefer phishing, spam campaigns, and remote access toolkits to enable their operations. And they often find them on thriving Chinese-language marketplaces, which enable the sale of illicit services. While Eastern Europe is typically known as a hotbed of eCrime activity, the APJ region is one to watch. Tune in to hear Adam and Cristian discuss the key adversaries operating in the region, the threats that stand out to them, and how defenders can stay safe.
Read the report: 2025 APJ eCrime Landscape Report
Watch on YouTube: https://youtu.be/97javj3hmAA
Ep 58: A Brief History of Ransomware
Ransomware is not new, but the ransomware of today is very different from the ransomware of 1989. Today’s episode doubles as a history lesson, as Adam and Cristian look back at how a prolific global threat has evolved over the decades. Gone are the days of malware arriving on floppy disks and victims waiting weeks to restore their systems in exchange for $200 ransom payments. “The early days of viruses were weird,” Adam points out. But much has changed since then. Several factors — the advent of cryptocurrency, the rise of enterprise targeting, and the shift to ransomware as a service — have caused the threat to transform. Today’s adversaries run ransomware like a business and collect hundreds of millions of dollars in payments. The hosts reflect on the first ransomware to hit a business, the first to make news headlines, and the first major botnet operator to deploy ransomware, among other key events. Tune in for a discussion that spans years of ransomware evolution, highlights the key adversaries involved, and explains how businesses can defend themselves as the threat landscape continues to change.
Ep 57: Tech Sector Targeting, Innovation Race, Fal.Con Countdown
This week’s episode arrives as Adam and Cristian are gearing up for Fal.Con, CrowdStrike’s annual event taking place next week in Las Vegas. They’ll be recording a live episode on some fascinating LLM research presented at the show, so stay tuned for that in a couple of weeks. Amid their prep, they took the time to sit down for a conversation starting with a simple prompt: What are today’s security leaders and practitioners talking about? Their discussion sheds light on the industries hardest hit by nation-state and eCrime activity and explores why some sectors, like technology and telecommunications, are seeing a sharp spike in targeted intrusions while others are facing an increase in cybercrime. Tune in to learn about shifts in Chinese cyber activity, what happens when an adversary sees another adversary in a target environment, and whether modern tech innovations will drive changes in cyber espionage.
Ep 56: Live at Black Hat: What’s AI Really Capable Of?
This year at Black Hat, the topic of AI was everywhere — from hallway chats to the expo floor. Adam and Cristian took a break from the action for a rare in-person conversation about how adversaries are weaponizing AI, how defenders are using agentic AI, and what we should all be thinking about as AI evolves as an offensive and defensive tool. The AI threat is real, and advanced adversaries in particular are using it to their advantage. They’re improving the wording in social engineering attacks, creating deepfakes in fraudulent job interviews, and targeting victims on a more personal level. FAMOUS CHOLLIMA is an example of one adversary “using it for everything,” the hosts say. SCATTERED SPIDER is another adversary to watch. On the other side, defenders are adopting agentic AI to expedite their response. Adam and Cristian explore the importance of protecting AI workloads, the potential for insider threats with AI models, and the growing need for AI governance and security guardrails. If AI is monitoring security services, they ask, who guards the guardian? Tune in for an in-depth conversation on what AI is really capable of — and stick around for a sneak peek of an upcoming guest episode, where a guest joins to discuss young adversaries moving from online gaming to organized cybercrime.