Introduction
This object records the ATT&CK techniques and other relationships associated with an unnamed “subgroup” of the Russia-linked Seashell Blizzard group, known for a multiyear initial-access operation dubbed the “BadPilot” campaign.[Microsoft Security Blog February 12 2025] Seashell Blizzard is a high-impact threat actor linked to the Russian Federation that conducts global operations on behalf of Russian Military Intelligence Unit 74455 (GRU). Its activity ranges from espionage to information operations and cyber-enabled disruption, including destructive attacks and manipulation of industrial control systems (ICS). According to Microsoft researchers, Seashell Blizzard “overlaps with” the groups tracked as Sandworm Team, APT44, and other names.[Microsoft Security Blog February 12 2025]
Activities and Tactics
Country of Origin: 🇷🇺 Russia
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- SHIPSHAPE:
- SEASHARPEE:
- CyberGate:
- Cyber Eye RAT:
- Blizzard:
- Archelaus Beta:
Attribution and Evidence
Country of Origin: Russia
Microsoft attributes Seashell Blizzard to Russian Military Intelligence Unit 74455 (GRU) and notes that it overlaps with the groups tracked as Sandworm Team and APT44.[Microsoft Security Blog February 12 2025] Additional attribution information pending cataloguing.