Microsoft: Sandworm APT From Russia Takes Advantage Of Edge Bugs Worldwide.

The "BadPilot" initial-access wing of Sandworm (also known as Seashell Blizzard) employs conventional intrusion techniques to disperse Russia's tendrils globally.


Sandworm, also known as Unit 74455 of Russia's military intelligence service (GRU), is arguably the best-known advanced persistent threat (APT). NotPetya, an attack on the 2018 Winter Olympics, and two successful attacks on Ukraine's power infrastructure are among its highlights. More recent actions include a campaign against Denmark's energy sector and a failed attempt to bring down Ukraine's grid for the third time, followed by a successful one.

Sandworm has been gradually moving towards more subdued, broad intrusions, which is indicative of the times. Microsoft, which tracks the group under the name "Seashell Blizzard," has discovered a subgroup within Unit 74455 that is exclusively concerned with gaining initial access to valuable organizations in important sectors and geographic regions. This subgroup is referred to as "BadPilot."

THE REPERCUSSIONS IN UKRAINE

Ultimately, BadPilot's role is to facilitate more serious attacks by its parent group, which in turn gives its ruling government more authority. Microsoft stated that although much of its activity appears to be opportunistic, "its compromises cumulatively offer Seashell Blizzard options when responding to Russia's evolving strategic objectives." The fact that the group formed only months before Russia invaded Ukraine, for instance, may or may not be a coincidence.

BadPilot was in the thick of things when that war broke out and Russia launched more cyberattacks on its neighbor than ever before, assisting in gaining access to groups thought to be giving its enemy military or political support. Microsoft further claims that since 2023, the group has enabled at least three devastating strikes in Ukraine. Since the beginning of the conflict, Sandworm has targeted vital infrastructure throughout Ukraine, including manufacturing facilities, transportation and logistics, energy, water, military and government institutions, telecommunications infrastructure, and other infrastructure that supports the civilian population.

It has also targeted military communities in order to obtain intelligence. DeGrippo highlights that "these threat actors are persistent, creative, organized, and well-resourced." Consequently, "critical sectors need to ensure that they sustain above average security practices, patch their software, monitor internet-facing assets, and enhance their overall security posture."