A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks

Summary

• Sandworm is a notorious hacking group linked to Russia’s GRU military intelligence and is believed to be the Kremlin’s most aggressive cyberwar unit.
• Now Microsoft has warned that a team within that group, called BadPilot, has changed its targeting and is indiscriminately trying to breach networks worldwide.
• Over the last year, BadPilot has shown a particular interest in English-speaking Western countries, especially the US, the UK, Canada and Australia, targeting sectors such as energy, oil and gas, telcos, shipping, arms manufacturing and government.
• Microsoft says that after BadPilot gains access it hands it off to other Sandworm hackers to steal information or launch cyberattacks.
• The company stressed that BadPilot has so far shown no intention of doing anything other than espionage, but expressed concern about the group’s potential actions.

By Andy Greenberg

Original Article