- Russian hacking group ‘Seashell Blizzard’ has claimed victims in its ‘BadPilot’ campaign
- The group is diversifying its targets and no longer focuses entirely on Eastern European infrastructure
- Microsoft’s threat intelligence report reveals that the US and Britain are now in its sights
A Russian-supported campaign, ‘BadPilot’, has been in operation since at least 2021 and is targeting ‘global infrastructure with high value in support of network operations’, new research has claimed.
In an increasingly digitally dependent world, cyberattacks can be a serious way to harm a country’s critical infrastructure and cause chaos without crossing the line into full-blown warfare, a report from Microsoft’s threat intelligence team has revealed.
The campaign is carried out primarily by the threat group ‘Seashell Blizzard’, which has ‘geared opportunistic access techniques’ and collects credentials, achieves command execution and supports lateral movement that has led to ‘significant regional networking grants’.
Critical targets
Since the beginning of 2024, Seashell Blizzard has expanded its range of targets beyond Eastern Europe to include the US and UK, where it primarily exploits ConnectWise ScreenConnect IT remote management and monitoring software and Fortinet FortiClient EMS security software.
It looks likely that these attacks will continue to claim victims in the West as the group diversifies and expands its range of targets. This reflects a shift by Russian-aligned threat actors toward states or international organizations that are geopolitically ‘significant’, or that provide support or help to Ukraine.
“Given that Seashell Blizzard is Russia’s cyber tip of the spear in Ukraine, Microsoft Threat Intelligence estimates that this access subgroup will continue to innovate new horizontally scalable techniques to compromise networks both in Ukraine and globally in support of Russia’s war targets and developing national priorities,” the report confirms.
Cybercrime is a lucrative business, and state-sponsored actors, including those from Russia, Iran, China and North Korea, have been observed using cyberattacks to help fund their operations, but that’s not their only goal.
Groups like Seashell Blizzard have targeted critical infrastructure, especially in Ukraine, to interfere with and damage the services they provide. Attacks such as phishing campaigns, malware distribution and supply chain attacks have targeted the energy, retail, education, counseling and agricultural industries since 2022 and are designed to demoralize the population and erode confidence in Zelensky’s government.



