This entity has infiltrated critical organizations in about 50 countries, including Ukraine, the United States, and the United Kingdom.

On February 12, 2025, Microsoft’s cybersecurity teams published a report on BadPilot, a subunit of Sandworm, the Russian state-sponsored cybercriminal group. The researchers detail the attacks carried out by this recently identified unit against sensitive organizations across approximately 50 countries. Sandworm, also known as APT44 and Seashell Blizzard, operates under Russia’s military intelligence agency, the GRU.

BadPilot specializes in opportunistic attacks, exploiting known vulnerabilities in widely used enterprise software such as Microsoft Exchange, Outlook, ConnectWise, and Fortinet. These initial access points enable the group to steal credentials, execute malicious commands, and move laterally within compromised networks.

By ensuring persistent access to targeted IT systems, BadPilot paves the way for other Sandworm entities to conduct more specialized cyberattacks, including espionage operations and data theft.

Since 2021, BadPilot has targeted companies in the energy, oil and gas, telecommunications, and maritime transport sectors, as well as government organizations. Between 2021 and 2023, its attacks primarily focused on Ukraine, with secondary targets in Central Asia and the Middle East. Since 2024, the group has shifted its focus to the United States, Canada, the United Kingdom, and Australia.
