A Russian state-backed hacking group is executing one of the most far-reaching cyber espionage campaigns ever seen, infiltrating critical infrastructure across multiple continents by exploiting vulnerabilities in IT management software.
The operation, attributed to the notorious Russian threat actor Seashell Blizzard, has compromised high-profile targets in energy, telecommunications, defense, and government sectors, including in the US, Canada, Australia, and the UK, Microsoft said in a report.
The software major has warned that the scale and persistence of these attacks pose an immediate and severe risk to global cybersecurity.
“Active since at least 2021, this subgroup within Seashell Blizzard has leveraged opportunistic access techniques and stealthy forms of persistence to collect credentials, achieve command execution, and support lateral movement that has at times led to substantial regional network compromises,” Microsoft said in the report.
Seashell Blizzard’s activities align with those tracked by other security vendors under various names, including BE2, UAC-0133, Blue Echidna, Sandworm, PHANTOM, BlackEnergy Lite, and APT44.
Russian cyber warfare expands beyond Ukraine
The hacking subgroup tracked as the “BadPilot campaign,” has been active since at least 2021, originally focusing on Ukraine and Europe. Microsoft reports that the operation has now extended its reach into North America, Central Asia, and the Middle East.
The geographical targeting to a near-global scale expands Seashell Blizzard’s operations beyond Eastern Europe,” said the report.
Seashell Blizzard, linked to Russia’s Military Intelligence Unit 74455 (GRU), has a long history of cyberespionage and destructive cyberattacks aligned with Kremlin interests.
This latest campaign demonstrates the group’s growing sophistication in leveraging stealth tactics and opportunistic access methods to gain control of high-value networks.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
