Major Russian hacking group shifts focus to US and UK targets


  • Russian hacking group 'Seashell Blizzard' has claimed victims in its 'BadPilot' campaign
  • The group is diversifying its targets, no longer focusing entirely on Eastern European infrastructure
  • Microsoft's Threat Intelligence Report reveals the US and UK are now in its sights

A Russian-backed campaign, ‘BadPilot’, has been in operation since at least 2021 and is targeting ‘high-value global infrastructure to support network operations’, new research has claimed.

In an increasingly digitally dependent world, cyberattacks can be a seriously effective way to damage a country’s critical infrastructure and cause chaos without crossing the line into full-blown warfare, a report from Microsoft’s Threat Intelligence team has revealed.

The campaign is primarily carried out by threat group ‘Seashell Blizzard’, and the group has ‘leveraged opportunistic access techniques’ and collects credentials, achieves command execution, and supports lateral movement that has led to ‘substantial regional network compromises’.

Critical targets

Since early 2024, Seashell Blizzard has expanded its range of targets beyond Eastern Europe to include the US and UK, exploiting flaws ‘primarily in ConnectWise ScreenConnect IT remote management and monitoring software and Fortinet FortiClient EMS security software’.

It looks likely that these attacks could continue to claim victims in the West too, as the group diversifies and expands its range of targets. This reflects the move by Russian-aligned threat actors towards states or international organizations which are geopolitically ‘significant’, or that provide support or aid to Ukraine.

“Given that Seashell Blizzard is Russia’s cyber tip of the spear in Ukraine, Microsoft Threat Intelligence assesses that this access subgroup will continue to innovate new horizontally scalable techniques to compromise networks both in Ukraine and globally in support of Russia’s war objectives and evolving national priorities,” the report confirms.

Cybercrime is a lucrative business, and state-backed actors have been observed using cyberattacks to help fund their operations, including Russia, Iran, China, and North Korea - but that’s not their only goal.

Groups like Seashell Blizzard have been targeting critical infrastructure, especially in Ukraine, in order to disrupt and damage the services they provide. Attacks like phishing campaigns, malware distribution, and supply chain attacks have targeted the energy, retail, education, consulting, and agriculture industries since 2022, and are designed to demoralize the population and erode confidence in Zelensky’s government.

Ellen Jennings-Trace
Staff Writer
