Major Russian hacking group shifts focus to US and UK targets


  • Russian hacking group 'Seashell Blizzard' has claimed victims in its 'BadPilot' campaign
  • The group is diversifying its targets, no longer focusing entirely on Eastern European infrastructure
  • Microsoft's Threat Intelligence Report reveals the US and UK are now in its sights

A Russian-backed campaign, ‘BadPilot’, has been in operation since at least 2021 and is targeting ‘high-value global infrastructure to support network operations’, new research has claimed.

In an increasingly digitally dependent world, cyberattacks can be a seriously effective way to damage a country’s critical infrastructure and cause chaos without crossing the line into full-blown warfare, a report from Microsoft’s Threat Intelligence team has revealed.

The campaign is primarily carried out by the threat group ‘Seashell Blizzard’. The group has ‘leveraged opportunistic access techniques’ to collect credentials, achieve command execution, and support lateral movement, which has led to ‘substantial regional network compromises’.

Critical targets

Since early 2024, Seashell Blizzard has expanded its range of targets beyond Eastern Europe to include the US and UK, exploiting flaws ‘primarily in ConnectWise ScreenConnect IT remote management and monitoring software and Fortinet FortiClient EMS security software’.

It looks likely that these attacks could continue to claim victims in the West too, as the group diversifies and expands its range of targets. This reflects a shift by Russian-aligned threat actors towards states or international organizations that are geopolitically ‘significant’, or that provide support or aid to Ukraine.

“Given that Seashell Blizzard is Russia’s cyber tip of the spear in Ukraine, Microsoft Threat Intelligence assesses that this access subgroup will continue to innovate new horizontally scalable techniques to compromise networks both in Ukraine and globally in support of Russia’s war objectives and evolving national priorities,” the report confirms.

Cybercrime is a lucrative business, and state-backed actors from Russia, Iran, China, and North Korea have been observed using cyberattacks to help fund their operations - but that’s not their only goal.

Groups like Seashell Blizzard have been targeting critical infrastructure, especially in Ukraine, in order to disrupt and damage the services it provides. Attacks such as phishing campaigns, malware distribution, and supply chain attacks have targeted the energy, retail, education, consulting, and agriculture industries since 2022, and are designed to demoralize the population and erode confidence in Zelensky’s government.

Ellen Jennings-Trace
Staff Writer
