Major Russian hacking group shifts focus to US and UK targets
Seashell Blizzard targets high-value infrastructure
![Russia](https://cdn.mos.cms.futurecdn.net/kR5NMftCpqXHUzLxyQTKyF-940-80.jpg)
- Russian hacking group 'Seashell Blizzard' has claimed victims in its 'BadPilot' campaign
- The group is diversifying its targets, no longer focusing entirely on Eastern European infrastructure
- Microsoft's Threat Intelligence Report reveals the US and UK are now in its sights
A Russian-backed campaign, ‘BadPilot’, has been in operation since at least 2021 and is targeting ‘high-value global infrastructure to support network operations’, new research has claimed.
In an increasingly digitally dependent world, cyberattacks can be a seriously effective way to damage a country’s critical infrastructure and cause chaos without crossing the line into full-blown warfare, a report from Microsoft’s Threat Intelligence team has revealed.
The campaign is primarily carried out by the threat group ‘Seashell Blizzard’, which has ‘leveraged opportunistic access techniques’ to collect credentials, achieve command execution, and support lateral movement, leading to ‘substantial regional network compromises’.
Critical targets
Since early 2024, Seashell Blizzard has expanded its range of targets beyond Eastern Europe to include the US and UK, exploiting flaws ‘primarily in ConnectWise ScreenConnect IT remote management and monitoring software and Fortinet FortiClient EMS security software’.
It looks likely that these attacks could continue to claim victims in the West too, as the group diversifies and expands its range of targets. This outlines the move by Russian-aligned threat actors towards states or international organizations which are geopolitically ‘significant’, or that provide support or aid to Ukraine.
“Given that Seashell Blizzard is Russia’s cyber tip of the spear in Ukraine, Microsoft Threat Intelligence assesses that this access subgroup will continue to innovate new horizontally scalable techniques to compromise networks both in Ukraine and globally in support of Russia’s war objectives and evolving national priorities,” the report confirms.
Cybercrime is a lucrative business, and state-backed actors from countries including Russia, Iran, China, and North Korea have been observed using cyberattacks to help fund their operations - but that’s not their only goal.
Groups like Seashell Blizzard have been targeting critical infrastructure, especially in Ukraine, in order to disrupt and damage the services it provides. Attacks such as phishing campaigns, malware distribution, and supply chain attacks have targeted the energy, retail, education, consulting, and agriculture industries since 2022, and are designed to demoralize the population and erode confidence in Zelensky’s government.
Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.