Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    The Mystery of How Quasicrystals Form

    October 14, 2025

    Motorola has a super-thin Air phone too

    October 14, 2025

    Programming in Assembly Is Brutal, Beautiful, and Maybe Even a Path to Better AI

    October 14, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks
    Security

    A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks

    News RoomBy News RoomFebruary 14, 20253 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    Over the last decade, the Kremlin’s most aggressive cyberwar unit, known as Sandworm, has focused its hacking campaigns on tormenting Ukraine, even more so since Russian president Vladimir Putin’s full-scale invasion of Russia’s neighbor. Now Microsoft is warning that a team within that notorious hacking group has shifted its targeting, indiscriminately working to breach networks worldwide—and, in the last year, has seemed to show a particular interest in networks in English-speaking Western countries.

    On Wednesday, Microsoft’s threat intelligence team published new research into a group within Sandworm that the company’s analysts are calling BadPilot. Microsoft describes the team as an “initial access operation” focused on breaching and gaining a foothold in victim networks before handing off that access to other hackers within Sandworm’s larger organization, which security researchers have for years identified as a unit of Russia’s GRU military intelligence agency. After BadPilot’s initial breaches, other Sandworm hackers have used its intrusions to move within victim networks and carry out effects such as stealing information or launching cyberattacks, Microsoft says.

    Microsoft describes BadPilot as initiating a high volume of intrusion attempts, casting a wide net and then sorting through the results to focus on particular victims. Over the last three years, the company says, the geography of the group’s targeting has evolved: In 2022, it set its sights almost entirely on Ukraine, then broadened its hacking in 2023 to networks worldwide, and then shifted again in 2024 to home in on victims in the US, the UK, Canada and Australia.

    “We see them spraying out their attempts at initial access, seeing what comes back, and then focusing on the targets they like,” says Sherrod DeGrippo, Microsoft’s director of threat intelligence strategy. “They’re picking and choosing what makes sense to focus on. And they are focusing on those Western countries.”

    Microsoft didn’t name any specific victims of BadPilot’s intrusions, but broadly stated that the hacker group’s targets have included “energy, oil and gas, telecommunications, shipping, arms manufacturing,” and “international governments.” On at least three occasions, Microsoft says, its operations have led to data-destroying cyberattacks carried out by Sandworm against Ukrainian targets.

    As for the more recent focus on Western networks, Microsoft’s DeGrippo hints that the group’s interests have likely been more related to politics. “Global elections are probably a reason for that,” DeGrippo says. “That changing political landscape, I think, is a motivator to change tactics and to change targets.”

    Over the more than three years that Microsoft has tracked BadPilot, the group has sought to gain access to victim networks using known but unpatched vulnerabilities in internet-facing software, exploiting hackable flaws in Microsoft Exchange and Outlook, as well as applications from OpenFire, JetBrains, and Zimbra. In its targeting of Western networks over the last year in particular, Microsoft warns that BadPilot has specifically exploited a vulnerability in the remote access tool Connectwise ScreenConnect and Fortinet FortiClient EMS, another application for centrally managing Fortinet’s security software on PCs.

    After exploiting those vulnerabilities, Microsoft found that BadPilot typically installs software that gives it persistent access to a victim machine, often with legitimate remote access tools like Atera Agent or Splashtop Remote Services. In some cases, in a more unique twist, it also sets up a victim’s computer to run as so-called onion service on the Tor anonymity network, essentially turning it into a server that communicates via Tor’s collection of proxy machines to hide its communications.

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleMastodon will add quote posts, even though some users don’t want them
    Next Article This Forgotten Nintendo Switch Game Can Level Up Your Workouts

    Related Posts

    ‘Happy Gilmore’ Producer Buys Spyware Maker NSO Group

    October 14, 2025

    Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits

    October 14, 2025

    Apple Took Down These ICE-Tracking Apps. The Developers Aren’t Giving Up

    October 13, 2025

    How a Travel YouTuber Captured Nepal’s Revolution for the World

    October 11, 2025

    Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say

    October 9, 2025

    Google’s Latest AI Ransomware Defense Only Goes So Far

    October 6, 2025
    Our Picks

    Motorola has a super-thin Air phone too

    October 14, 2025

    Programming in Assembly Is Brutal, Beautiful, and Maybe Even a Path to Better AI

    October 14, 2025

    Discord blamed a vendor for its data breach — now the vendor says it was ‘not hacked’

    October 14, 2025

    ‘Happy Gilmore’ Producer Buys Spyware Maker NSO Group

    October 14, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    News

    California cracks down on ‘predatory’ early cancellation fees

    By News RoomOctober 14, 2025

    California has enacted new legislation that aims to limit companies from charging consumers “exorbitant” fees…

    New Rules Could Force Tesla to Redesign Its Door Handles. That’s Harder Than It Sounds

    October 14, 2025

    Gmail now uses AI to help you find meeting times

    October 14, 2025

    The latest Moto Razr Ultra foldable is an even better value at $999

    October 14, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.