Microsoft fingers Russia's Sandworm in US, UK attacks
Briefly

Microsoft has reported that the 'Seashell Blizzard' subgroup of Russia's Sandworm has been conducting a global initial access campaign known as 'BadPilot', targeting sectors crucial to national infrastructure, including energy and telecommunications. Initially focused on Ukraine, BadPilot has expanded its reach to include high-value organizations in the US, UK, Canada, and Australia, utilizing common vulnerabilities for sustained access. Microsoft's findings highlight the strategic evolution of Sandworm's operations, from initial access to potential destructive attacks, stressing the significant and persistent nature of this cyber threat.
An initial-access subgroup of Russia's Sandworm has infiltrated networks in the US, UK, Canada, and Australia, stealing credentials from several organizations.
The BadPilot campaign, which Sandworm has run since at least 2021, targets high-value sectors like energy and telecommunications and has expanded its focus over the years.
Microsoft assesses that Seashell Blizzard uses this initial access to maintain persistent access as new exploits are acquired, indicating a long-term operational strategy.
Read at The Register