Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries
Feb 12, 2025
Cyber Espionage / Cybercrime
A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been linked to a multi-year initial access operation dubbed BadPilot that stretched across the globe. "This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations," the Microsoft Threat Intelligence team said in a new report shared with The Hacker News ahead of publication. The geographical spread of the initial access subgroup's targets includes the whole of North America, several countries in Europe, as well as others, including Angola, Argentina, Australia, China, Egypt, India, Kazakhstan, Myanmar, Nigeria, Pakistan, Turkey, and Uzbekistan. The development marks a significant expansion of the hacking group's victimology footprint over the past three years, which is otherwise known to be concentrated around Eastern Europe - 2022: Energy...