“Active since at least 2021, this subgroup within Seashell Blizzard has leveraged opportunistic access techniques and stealthy forms of persistence to collect credentials, achieve command execution, and support lateral movement that has at times led to substantial regional network compromises,” Microsoft said in the report.
Seashell Blizzard’s activities align with those tracked by other security vendors under various names, including BE2, UAC-0133, Blue Echidna, Sandworm, PHANTOM, BlackEnergy Lite, and APT44.
Russian cyber warfare expands beyond Ukraine
The hacking subgroup, tracked as the “BadPilot campaign,” has been active since at least 2021, originally focusing on Ukraine and Europe. Microsoft reports that the operation has now extended its reach into North America, Central Asia, and the Middle East.