Already Inside The House: How Nation-States Weaponize Your Enterprise Tools

Written by Lee Mangold | Apr 30, 2026 5:19:05 PM

Attackers don't need sophisticated malware when they can turn your own management tools into weapons. In this special episode of Absolutely Critical, host Lee Mangold sits down with Dave Gordon, Senior Threat Intelligence Specialist, and Andrea Schaumann-Phillips, Director of Federal Engagement at Fortress, to walk through the Q1 2026 threat intelligence brief covering 157 critical incidents targeting US critical infrastructure supply chains.

Iranian group Handala compromised one Microsoft Intune administrator credential at Stryker, then executed a single remote wipe command across 200,000 systems in 79 countries. No ransomware. Just operational obliteration. TeamTCP poisoned Trivy and Checkmarx, security scanners trusted by developers worldwide, harvesting cloud credentials from 10,000 organizations. Chinese actors maintained a six-month dwell inside Notepad++'s update infrastructure. Russian actors deployed wiperware against Poland's renewable energy HMIs during snowstorms. Volt Typhoon continues patient pre-positioning inside Midwest utilities.

This isn't theoretical. It's operational. What does Monday morning look like when your vendor becomes your entry point?

You'll learn more about:

  • The One-Click Obliteration: How compromising a single management console enables simultaneous destruction across global infrastructure—and why Stryker couldn't prevent 200,000 devices from going offline.

  • The Pipeline Poisoning Pattern: Why TeamTCP's attack on Trivy and Checkmarx turned DevSecOps security scanners into credential harvesting machines.

  • The Surgical Supply Chain Strike: How Chinese actors maintained six-month access inside Notepad++ to surgically target telecoms and financial institutions.

  • Pre-Positioning for Kinetic Conflict: What Volt Typhoon's years-long dwell inside US utilities reveals about nation-state intent.

  • When Recovery Infrastructure Becomes the Target: Why Iranian actors attack backup systems alongside production environments.

This podcast is for: CISOs, GRC professionals, and security leaders responsible for protecting critical infrastructure and human capital against evolving AI-driven threats.

Learn More About Fortress: https://www.fortressinfosec.com/

Connect With Lee: https://www.linkedin.com/in/leemangold/

Connect With Dave Gordon: https://www.linkedin.com/in/dago858951118/

Connect With Andrea Schaumann-Phillips: https://www.linkedin.com/in/alsgl/