Seashell Blizzard Expansion: Russian Group Enlists Initial Access Subgroup for Global Operations - https://www.redpacketsecurity.com/russian-seashell-blizzard-enlists-specialist-initial-access-subgroup-to-expand-ops/
Microsoft's threat intelligence team published new research into a Russian hacking subgroup within Seashell Blizzard and its "BadPilot" project. Seashell Blizzard conducts global activities on behalf of the GRU.
BadPilot is an initial access operation focused on breaching and gaining a foothold in victim networks. In 2022, it set its sights almost entirely on Ukraine, then broadened its hacking in 2023-2024 to home in on victims in the US, UK, Canada and Australia. Targets are typically energy, oil and gas, telecommunications, shipping, logistics, arms manufacturing and government agencies.
https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/ #Cybersecurity #Hackers #Russia #GRU #BadPilot #Seashell_Blizzard #Microsoft #ThreatIntelligence #Breach #CVE
Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”. This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations.