Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries

Summary: A subgroup of the Russian hacking group Sandworm, known as Seashell Blizzard, has expanded its global operations through a multi-year initiative called BadPilot, targeting various sectors and regions worldwide. This group has utilized advanced malware and exploits to compromise sensitive infrastructure, supporting espionage and geopolitical objectives, particularly in relation to the Russo-Ukrainian war. The campaign represents significant growth in both the diversity and geographical spread of their operations, posing heightened risks for numerous industries.

Affected: Sandworm Group (Seashell Blizzard), Global Organizations

Key points:

  • Seashell Blizzard has targeted sectors critical to national infrastructure, including energy, telecommunications, and arms manufacturing.
  • Exploited vulnerabilities include those in ConnectWise ScreenConnect and Fortinet FortiClient, facilitating access to key systems in the UK and US.
  • The subgroup employs diverse methods for establishing persistence, such as legitimate remote access tools and malicious web shells.
  • Sandworm’s activities have intensified, and the scope of its operations has expanded across multiple continents, including North America and Europe.
  • Pirated software has been used as an entry point for delivering malware to key Ukrainian infrastructure.

Source: https://thehackernews.com/2025/02/microsoft-uncovers-sandworm-subgroups.html