- The Russian hacking group ‘Seashell Blizzard’ has claimed victims in its ‘BadPilot’ campaign
- The group is diversifying its targets and no longer focuses solely on infrastructure in Eastern Europe
- Microsoft’s intelligence report reveals that the United States and the United Kingdom are now in its sights
A Russian-backed campaign, ‘BadPilot’, has been in operation since at least 2021 and is targeting ‘global infrastructure of high value to support network operations’, a new investigation has found.
In an increasingly digitally dependent world, cyber attacks can be a very effective way to damage a country’s critical infrastructure and cause chaos without crossing the line into full-scale war, a report from the Microsoft Threat Intelligence team has revealed.
The campaign is carried out mainly by the threat group ‘Seashell Blizzard’, which has taken advantage of ‘opportunistic access techniques’ to collect credentials, achieve command execution and support lateral movement that has led to ‘substantial regional network compromises’.
Critical targets
Since the beginning of 2024, Seashell Blizzard has expanded its range of targets beyond Eastern Europe to include the United States and the United Kingdom, mainly exploiting flaws in ConnectWise ScreenConnect IT management and monitoring software and Fortinet FortiClient EMS security software.
It seems likely that these attacks will continue to claim victims in the West as well, as the group diversifies and expands its range of targets. This describes the shift of Russian-aligned threat actors towards states or international organizations that are geopolitically “significant” or that provide support or help to Ukraine.
“Since Seashell Blizzard is the cyber tip of the Russian spear in Ukraine, Microsoft Threat Intelligence assesses that this access subgroup will continue to innovate new horizontally scalable techniques to compromise networks both in Ukraine and around the world in support of Russia’s war objectives and evolving national priorities,” the report confirms.
Cybercrime is a lucrative business, and state-backed actors, including those from Russia, Iran, China and North Korea, have been observed using cyber attacks to help finance their operations, but that is not their only objective.
Groups such as Seashell Blizzard have been targeting critical infrastructure, especially in Ukraine, to interrupt and damage the services it provides. Attacks such as phishing campaigns, malware distribution and supply chain attacks have targeted the energy, retail, education, consulting and agriculture industries since 2022, and are designed to demoralize populations and erode confidence in the Zelensky government.