Sandworm, also known as Russia’s Military Unit 74455 within the GRU, has established itself as one of the most notorious advanced persistent threats (APT). Its cyber operations have included NotPetya, the attack on the 2018 Winter Olympics, and two successful assaults on Ukraine’s power grid. More recent campaigns have targeted Denmark’s energy sector and attempted—both unsuccessfully and successfully—to disrupt Ukraine’s grid once again.
Recent developments indicate a shift in Sandworm’s tactics, moving toward quieter, more extensive intrusions. Microsoft, tracking the group under the name “Seashell Blizzard,” has identified a specific subgroup within Unit 74455 that focuses exclusively on breaching high-value organizations. Dubbed “BadPilot,” this subgroup has been executing opportunistic cyberattacks on Internet-facing infrastructure since at least late 2021, leveraging known vulnerabilities in widely used email and collaboration platforms.
Among the critical vulnerabilities exploited by BadPilot are Zimbra’s CVE-2022-41352, Microsoft Exchange’s CVE-2021-34473, and Microsoft Outlook’s CVE-2023-23397. All three have received a severity score of 9.8 out of 10 under the Common Vulnerability Scoring System (CVSS), indicating their high impact.
BadPilot’s primary targets include telecommunications, oil and gas, shipping, arms manufacturing, and foreign government entities, spanning Ukraine, Europe, Central and South Asia, and
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: