Russian Seashell Blizzard Attacking Organizations With Custom-Developed Hacking Tools

A highly sophisticated Russian threat actor known as Seashell Blizzard (also tracked as APT44, Sandworm, and Voodoo Bear) has been conducting extensive cyber operations against organizations worldwide. Linked to Russian Military Intelligence Unit 74455 (GRU), the adversary has targeted critical sectors across the United States, Canada, Australia, Europe, Central Asia, and the Middle East since at least 2009. Its strategic focus on energy, telecommunications, government, military, transportation, manufacturing, and retail indicates a comprehensive approach to cyber espionage and potential sabotage. Recently, AttackIQ security analysts detailed a campaign dubbed “BadPilot,” a long-running operation primarily focused on gaining initial access to targeted networks.

The group’s operations are characterized by persistent, long-term network access using both publicly available and custom-developed hacking tools. Seashell Blizzard maintains access across system restarts and credential changes by creating or modifying Windows services, relying on native Windows tooling rather than dropping a dedicated persistence implant: the group has been observed using the “sc” command-line utility to create new services and then querying them to verify that the service was installed successfully. Its evasion tactics include leveraging the Windows Background Intelligent Transfer Service (BITS) to quietly download payloads using idle system bandwidth, which makes the transfers harder to distinguish from legitimate update traffic. Both techniques leave auditable traces: a new service is recorded by the Service Control Manager as event 7045 in the System log, and BITS jobs are written to the Microsoft-Windows-Bits-Client/Operational log, so defenders can hunt for them without any additional agent.

Seashell Blizzard has demonstrated particular interest in Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. The campaign employs targeted spear-phishing emails and vulnerability exploitation to establish footholds that enable further network penetration. Its attacks have caused significant disruptions to critical infrastructure, particularly energy distribution systems, and carry the potential for catastrophic consequences.

Tushar is a cyber security content editor at Cyber Security News, a dedicated news platform for cyber news, cyber attack news, hacking news and vulnerability analysis; with years of experience in cyber security, he covers cyber security news, technology and other news.
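The service-creation and BITS techniques described above can be triaged from standard Windows event logs. The script below is an added example for this page, not code from the article, AttackIQ or Microsoft; it runs two heuristics over constructed event records: Service Control Manager event 7045 (service installed) whose image path sits in a user-writable directory or launches a script/LOLBin host, and BITS-Client event 59 (transfer started) that pulls from a host outside an allowlist or fetches an executable. The record field names (RecordId, Channel, ImagePath, StartType, url, jobOwner), the allowlisted hosts and the sample service names and URLs are assumptions standing in for a SIEM’s normalised fields, not real telemetry.

```python
"""Triage constructed Windows event records for Seashell Blizzard-style persistence and download behaviour.

Heuristic 1: Service Control Manager event 7045 (service installed) whose ImagePath points at a
             user-writable directory or runs a script/LOLBin host instead of a signed service binary.
Heuristic 2: Microsoft-Windows-Bits-Client/Operational event 59 (transfer started) pulling from a host
             outside an allowlist, or fetching an executable payload.
Field names, the allowlist and the sample records are assumptions for this example, not a vendor schema.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

BITS_CHANNEL = "Microsoft-Windows-Bits-Client/Operational"

# Hosts BITS is expected to contact in this hypothetical environment (assumption).
BITS_ALLOWED_HOST_SUFFIXES = ("windowsupdate.com", "microsoft.com", "updates.corp.example")

# Directories a legitimately installed service binary should not live in.
SUSPICIOUS_DIR_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"\\users\\", r"\\programdata\\", r"\\temp\\", r"\\appdata\\", r"\\perflogs\\", r"\\windows\\tasks\\")
]

# Script and proxy-execution hosts that legitimate services rarely use as their image.
LOLBIN_PATTERN = re.compile(
    r"\b(cmd|powershell|pwsh|rundll32|regsvr32|mshta|wscript|cscript|bitsadmin)(\.exe)?\b", re.IGNORECASE
)

PAYLOAD_EXTENSIONS = (".exe", ".dll", ".ps1", ".bat", ".vbs", ".msi")


def check_service_install(event: dict) -> list[str]:
    """Reasons a 7045 event resembles adversary persistence via a new service; [] if benign or not 7045."""
    if event.get("Channel") != "System" or event.get("EventID") != 7045:
        return []
    image = event.get("ImagePath", "")
    reasons = []
    if any(p.search(image) for p in SUSPICIOUS_DIR_PATTERNS):
        reasons.append("image path in user-writable location")
    if LOLBIN_PATTERN.search(image):
        reasons.append("image path invokes a script/LOLBin host")
    # Auto-start only matters once something else is off: it is what makes the foothold survive a reboot.
    if reasons and event.get("StartType", "").lower().startswith("auto"):
        reasons.append("auto-start (survives reboot)")
    return reasons


def check_bits_transfer(event: dict) -> list[str]:
    """Reasons a BITS event 59 resembles covert payload staging; [] if benign or not a BITS start event."""
    if event.get("Channel") != BITS_CHANNEL or event.get("EventID") != 59:
        return []
    parsed = urlparse(event.get("url", ""))
    host = (parsed.hostname or "").lower()
    reasons = []
    if not host:
        reasons.append("transfer without a parseable URL")
    elif not any(host == s or host.endswith("." + s) for s in BITS_ALLOWED_HOST_SUFFIXES):
        reasons.append(f"download from non-allowlisted host {host}")
    if parsed.path.lower().endswith(PAYLOAD_EXTENSIONS):
        reasons.append("executable payload fetched via BITS")
    return reasons


def triage(events: list[dict]) -> list[tuple[int, list[str]]]:
    """Run both checks over a batch; return (RecordId, reasons) for every record that trips a heuristic."""
    findings = []
    for ev in events:
        reasons = check_service_install(ev) + check_bits_transfer(ev)
        if reasons:
            findings.append((ev["RecordId"], reasons))
    return findings


# Constructed sample records (not real telemetry): a staged service, a legitimate one, two BITS jobs
# and a service whose image is cmd.exe running a batch file out of a temp directory.
SAMPLE_EVENTS = [
    {"RecordId": 1, "Channel": "System", "EventID": 7045, "ServiceName": "WinDefendUpd",
     "ImagePath": r"C:\ProgramData\svchost.exe -k netsvcs", "StartType": "auto start", "AccountName": "LocalSystem"},
    {"RecordId": 2, "Channel": "System", "EventID": 7045, "ServiceName": "Sysmon64",
     "ImagePath": r"C:\Windows\Sysmon64.exe", "StartType": "auto start", "AccountName": "LocalSystem"},
    {"RecordId": 3, "Channel": BITS_CHANNEL, "EventID": 59, "jobTitle": "Update",
     "url": "http://203.0.113.10/stage/loader.dll", "jobOwner": "CORP\\jdoe"},
    {"RecordId": 4, "Channel": BITS_CHANNEL, "EventID": 59, "jobTitle": "MicrosoftUpdate",
     "url": "https://download.windowsupdate.com/d/msdownload/update.cab", "jobOwner": "NT AUTHORITY\\SYSTEM"},
    {"RecordId": 5, "Channel": "System", "EventID": 7045, "ServiceName": "upd",
     "ImagePath": r"C:\Windows\System32\cmd.exe /c C:\Windows\Temp\upd.bat", "StartType": "demand start",
     "AccountName": "LocalSystem"},
]

if __name__ == "__main__":
    for record_id, reasons in triage(SAMPLE_EVENTS):
        print(f"record {record_id}: " + "; ".join(reasons))
```

On a live host the same records come from the System log (ID 7045) and the Microsoft-Windows-Bits-Client/Operational log (ID 59) via Get-WinEvent, and Get-BitsTransfer -AllUsers lists jobs that are still queued; the heuristics are deliberately coarse, so tune the allowlist and directory patterns to the environment before treating a hit as more than a lead.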

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Apr 2025 14:40:17 +0000
