Microsoft is publishing for the first time their research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”.
This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations. The geographical targeting to a near-global scale of this campaign expands Seashell Blizzard’s scope of operations beyond Eastern Europe.
Read more…
Source: Microsoft
Related:
- Police arrest SMS blaster crew that sent malicious messages to thousands across Toronto
May 7, 2026
Police have arrested and brought 44 charges against three men for allegedly operating an SMS blaster in downtown Toronto. The scheme, which began in November 2025, is the “first known instance” of an SMS blaster operating in Canada, according to the police report. In a statement, the Toronto Police Service said it believes tens of thousands of ...
- Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
May 6, 2026
Researchers at Rapid7 say that they have spotted what they believe was an Iranian intelligence cyber unit masquerading as the Chaos ransomware gang to hide a state-sponsored espionage operation. The intrusion was spotted earlier this year, and investigators say breadcrumbs left behind give them “medium confidence” in saying it was the work of MuddyWater, which has ...
- DOJ says ransomware gang tapped into Russian government databases
May 6, 2026
A U.S. court has sentenced Latvian hacker Deniss Zolotarjovs to more than eight years in prison following his conviction for carrying out ransomware attacks. The Justice Department accused the hacker of working for a notorious Russian ransomware gang called Karakurt, which was led by former leaders of the Akira and Conti ransomware gangs, who were sanctioned ...
- Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
May 6, 2026
On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this vulnerability. The vulnerability carries a CVSSv4 score of 9.3 and has been confirmed as exploited in the wild ...
- Update WhatsApp now: Two new flaws could expose you to malicious files
May 5, 2026
Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities. WhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device. There is no evidence that either bug has been exploited in the wild. These bugs don’t automatically infect ...
- DAEMON Tools software compromised with a malicious payload
May 5, 2026
In early May 2026, Kaspersky researchers identified installers of the DAEMON Tools software, used for mounting disk images, to be compromised with a malicious payload. These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers. Kaspersky analysis revealed that the software installers have been ...