Microsoft's recent research highlights the evolution of the Sandworm hacking group, particularly a faction called BadPilot. Initially focused on disrupting Ukraine, BadPilot's cyber operations have expanded globally, with a notable focus on networks in English-speaking countries like the US, UK, Canada, and Australia. The group makes broad intrusion attempts, then assesses which networks to exploit further. Microsoft's report indicates that BadPilot hands the access it gains to other hackers for more targeted attacks, illustrating a significant shift in its operational focus.
Microsoft describes BadPilot as initiating a high volume of intrusion attempts, casting a wide net and then sorting through the results to focus on particular victims.
Over the last three years, the geography of the group's targeting has evolved: In 2022, it set its sights almost entirely on Ukraine, then broadened its hacking in 2023 to networks worldwide.