Microsoft is publishing for the first time their research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”.
This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations. The geographical targeting to a near-global scale of this campaign expands Seashell Blizzard’s scope of operations beyond Eastern Europe.
Read more…
Source: Microsoft
Related:
- University of Western Australia suffers major data breach, staff and students locked out
August 11, 2025
One of Australia’s major universities has suffered a data breach, with the password information of thousands of staff and students exposed. The University of WA (UWA) confirmed it was investigating a cybersecurity incident on Saturday night, which involved unauthorised access of password information. Read more… Source: MSN Ness Sign up for the Cyber Security Review Newsletter The latest cyber security ...
- Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere
August 10, 2025
A security researcher said flaws in a carmaker’s online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any of its customers’ vehicles. Eaton Zveare, who works as a security researcher at software delivery company Harness, told TechCrunch the flaw he discovered allowed the ...
- Massive leak of over 115 million US payment cards caused by Chinese “smishing” hackers
August 10, 2025
A wave of advanced phishing campaigns, traced to Chinese-speaking cybercriminal syndicates, may have compromised up to 115 million US payment cards in just over a year, experts have warned. Researchers at SecAlliance revealed these operations represent a growing convergence of social engineering, real-time authentication bypasses, and phishing infrastructure designed to scale. Investigators have identified a figure ...
- Bouygues Telecom data breach could affect millions of customers
August 8, 2025
French telco giatn Bouygues Telecom has confirmed suffering a cyberattack in which it lost sensitive customer data. In a short announcement published on its website, the company said it detected the attack on August 4, and following an investigation, determined threat actors stole people’s contact details, contract data, civil status data (or company details), and IBAN ...
- Google says UNC6040 hackers stole some of its data following Salesforce breach
August 7, 2025
Cybercriminals known as ShinyHunters (UNC6040) recently broke into Google and stole business customer information from one of its corporate Salesforce instances, the company has confirmed. In a blog post breaking down ShinyHunters’ modus operandi, the company somewhat played down the importance of the incident, noting the miscreants didn’t really grab anything sensitive, or of particular value. Read ...
- An Earth-Shattering Kaboom: Bringing a Physical ICS Penetration Testing Environment to Life
August 6, 2025
Whether it’s in the water we drink, the medicines we take, or the electricity we use to read blog posts on the internet, Industrial Control Systems (ICS) are part of our daily lives. There’s so much that relies on these systems, you’d like to assume they’re engineered and tested to guard against cyberattacks. You’d be wrong. ...