The Russian hacking group Seashell Blizzard, under the campaign 'BadPilot', has been targeting critical infrastructure and government entities worldwide since 2021. Initially focused on Ukraine and Eastern Europe, their operations have now expanded to include targets in the US, UK, Canada, and Australia. This group has been involved in espionage, destructive attacks, and manipulation of industrial control systems, aligning with Russian military objectives since 2022. Notably, they exploit vulnerabilities in various popular software platforms to gain unauthorized access and collect sensitive information.
Active since at least 2021, this subgroup within Seashell Blizzard has leveraged opportunistic access techniques and stealthy forms of persistence to collect credentials, achieve command execution, and support lateral movement that has at times led to substantial regional network compromises.
The BadPilot campaign marks an expansion of Seashell Blizzard's activities beyond Ukraine and Eastern Europe, to focus on the US, the UK, Canada, and Australia over the last year.
Seashell Blizzard has, since Russia's invasion of Ukraine in 2022, carried out a steady stream of operations complementing Russian military objectives.
The software the group exploits includes popular platforms such as Microsoft Exchange, Zimbra Collaboration, OpenFire, JetBrains TeamCity, Microsoft Outlook, ConnectWise ScreenConnect, Fortinet FortiClient EMS, and JBOSS.