See every side of every news story
Get Started
SubscribeLogin
Basketball
Donald Trump
CPAC
Everton
Pope Francis
Hamas
Ukraine War
Volodymyr Zelenskyy
Baseball
Elon Musk
Israel-Hamas Conflict
Premier League
Published loading...Updated

Russian Sandworm Subgroup Expands Global Cyberattack Campaign

  • A subgroup of Russia's Sandworm has accessed networks in the US, UK, Canada, and Australia, stealing credentials and data from a limited number of organizations, according to Microsoft.
  • The Sandworm subgroup, tracked by Microsoft as Seashell Blizzard, has been running a near-global campaign called BadPilot since at least 2021.
  • By 2023, the BadPilot campaign gained persistent access to numerous high-value sectors in the US, Europe, Central Asia, and the Middle East.
  • In early 2024, the subgroup started using remote management tools for persistence and communication with command-and-control servers, according to Microsoft.
Insights by Ground AI
Does this summary seem wrong?

14 Articles

All
Left
1
Center
3
Right
CyberScoopCyberScoop

Russian state threat group shifts focus to US, UK targets

A subgroup of Seashell Blizzard has shifted its focus to targets in the U.S., Canada, Australia and the U.K. within the past year, expanding the scope of its malicious activity, Microsoft’s threat intelligence team said in a report released Wednesday. The initial-access operation, which Microsoft tracks as the “BadPilot campaign,” has allowed the Russian state threat group — commonly known as Sandworm, which operates on behalf of the Russian Mil…

Read Full Article
The RegisterThe Register

Microsoft fingers Russia's Sandworm in US, UK attacks

'Near-global' initial access campaign active since 2021

Read Full Article
WiredWired

A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks

A team Microsoft calls BadPilot is acting as Sandworm's “initial access operation,” the company says. And over the last year it's trained its sights on the US, the UK, Canada, and Australia.

·United States
Read Full Article
BleepingComputerBleepingComputer

BadPilot network hacking campaign fuels Russian SandWorm attacks

A subgroup of the Russian state-sponsored hacking group APT44, also known as 'Seashell Blizzard' and 'Sandworm', has been targeting critical organizations and governments in a multi-year campaign dubbed 'BadPilot.'

Read Full Article
Help Net SecurityHelp Net Security

Sandworm APT's initial access subgroup hits organizations accross the globe - Help Net Security

A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is interested in. “In 2022, its primary focus was Ukraine, specifically targeting the energy, retail, education, consulting, and agriculture sectors. In 2023, it globalized the scope of its compromises, leading to persistent access within numerous sectors in the United States, Europe…

Read Full Article
NumeramaNumerama

Microsoft pulls alarm bell against a new group of Russian hackers with worrying ambitions

The cybersecurity teams at Microsoft have noticed the emergence of a new group of pirates linked to Russian military intelligence. These pirates are close to a unit known for its destructive attacks. For more than a decade, Sandworm, the Kremlin's most aggressive cyber-war unit, has been leading cyber-security

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 75% of the sources are Center
75% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

Malware Analysis, News and Indicators broke the news in on Tuesday, February 11, 2025.
Sources are mostly out of (0)

Similar News Topics

Vladimir Putin

Vladimir Putin

Europe

Europe

Hacking

Hacking

Microsoft

Microsoft

Oceania

Oceania

Windows

Windows

Tech

Tech

News
For You
Search
BlindspotLocal