Published 2 months ago • loading... • Updated 2 months ago

Russian Sandworm Subgroup Expands Global Cyberattack Campaign

A subgroup of Russia's Sandworm has accessed networks in the US, UK, Canada, and Australia, stealing credentials and data from a limited number of organizations, according to Microsoft.
The Sandworm subgroup, tracked by Microsoft as Seashell Blizzard, has been running a near-global campaign called BadPilot since at least 2021.
By 2023, the BadPilot campaign gained persistent access to numerous high-value sectors in the US, Europe, Central Asia, and the Middle East.
In early 2024, the subgroup started using remote management tools for persistence and communication with command-and-control servers, according to Microsoft.

Insights by Ground AI

Does this summary seem wrong?

14 Articles

All

Left

Center

Right

CyberScoop

Center

Russian state threat group shifts focus to US, UK targets

A subgroup of Seashell Blizzard has shifted its focus to targets in the U.S., Canada, Australia and the U.K. within the past year, expanding the scope of its malicious activity, Microsoft’s threat intelligence team said in a report released Wednesday. The initial-access operation, which Microsoft tracks as the “BadPilot campaign,” has allowed the Russian state threat group — commonly known as Sandworm, which operates on behalf of the Russian Mil…

2 months ago

Read Full Article

The Register

Center

Microsoft fingers Russia's Sandworm in US, UK attacks

'Near-global' initial access campaign active since 2021

2 months ago

Read Full Article

Wired

Lean Left

A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks

A team Microsoft calls BadPilot is acting as Sandworm's “initial access operation,” the company says. And over the last year it's trained its sights on the US, the UK, Canada, and Australia.

2 months ago·United States

Read Full Article

BleepingComputer

Center

BadPilot network hacking campaign fuels Russian SandWorm attacks

A subgroup of the Russian state-sponsored hacking group APT44, also known as 'Seashell Blizzard' and 'Sandworm', has been targeting critical organizations and governments in a multi-year campaign dubbed 'BadPilot.'

2 months ago

Read Full Article

Help Net Security

Sandworm APT's initial access subgroup hits organizations accross the globe - Help Net Security

A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is interested in. “In 2022, its primary focus was Ukraine, specifically targeting the energy, retail, education, consulting, and agriculture sectors. In 2023, it globalized the scope of its compromises, leading to persistent access within numerous sectors in the United States, Europe…

2 months ago

Read Full Article

Numerama

Microsoft pulls alarm bell against a new group of Russian hackers with worrying ambitions

The cybersecurity teams at Microsoft have noticed the emergence of a new group of pirates linked to Russian military intelligence. These pirates are close to a unit known for its destructive attacks. For more than a decade, Sandworm, the Kremlin's most aggressive cyber-war unit, has been leading cyber-security

2 months ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year