The BadPilot campaign: Multiyear global access operation

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

A Russian state actor subgroup within Seashell Blizzard has conducted a global access operation called the BadPilot campaign since 2021. The group exploits vulnerabilities in Internet-facing infrastructure to gain persistent access to high-value targets across various sectors worldwide. Their tactics include deploying web shells, modifying network resources, and using remote management tools for persistence and command and control. The campaign has expanded Seashell Blizzard's geographical reach beyond Eastern Europe, targeting organizations in the US, UK, Canada, and Australia. The subgroup's activities enable Russia to respond to evolving strategic objectives and provide options for future actions.

OPENCTI LABELS:

initial access, cve-2023-23397, credential theft, cve-2024-1709, cve-2023-32315, persistence, cve-2023-42793, cve-2021-34473, vulnerability exploitation, cve-2023-48788, badpilot, russian state actor, global operation, localolive, cve-2022-41352, remote management, shadowlink

