Russian hacking group targets critical infrastructure in the US, the UK, and Canada

Weaponizing IT software against global enterprises: Since early 2024, the hackers have exploited vulnerabilities in widely used IT management tools, including ConnectWise ScreenConnect (CVE-2024-1709) and Fortinet FortiClient EMS (CVE-2023-48788). By compromising these critical enterprise systems, the group has gained undetected access to networks, Microsoft warned.

“Seashell Blizzard’s specialized operations have ranged from espionage to information operations and cyber-enabled disruptions, usually in the form of destructive attacks and manipulation of industrial control systems (ICS),” the report said. “The opportunistic access methods outlined in this campaign will continue to offer Russia opportunities for niche operations and activities.”

The group’s evolving tradecraft has made its attacks increasingly difficult to detect, allowing it to establish persistent footholds in high-profile targets worldwide.

Some of the notorious attacks of the subgroup include destructive attacks such as KillDisk and FoxBlade, supply-chain attacks such as MeDoc, and pseudo-ransomware attacks such as NotPetya and Prestige, Microsoft noted in the report.

Mounting cyberattacks signal a growing threat to enterprises: Microsoft has linked the subgroup to at least three destructive cyberattacks in Ukraine since 2023, underscoring the severity of its operations. The report highlights that while some attacks appear indiscriminate, the overall strategy provides Russia with valuable cyber access for future military and intelligence operations.

“Since April 2022, Russia-aligned threat actors have increasingly targeted international organizations that are either geopolitically significant or provide military and/or political support to Ukraine,” Microsoft noted.

The targeted industries include arms manufacturing, shipping, and energy, sectors critical to national security and geopolitical stability. The campaign’s expanding reach signals an urgent need for stronger cybersecurity measures among enterprises and governments.

“Due to their specialization in computer network exploitation (CNE) and expertise targeting critical infrastructure such as ICS and supervisory control and data acquisition systems (SCADA), Seashell Blizzard’s operations have frequently been leveraged during military conflicts and as an adaptable element during contentious geopolitical events,” the report added.

The report said that Microsoft is actively tracking Seashell Blizzard’s operations and notifying affected organizations. It also urged enterprises to take immediate action by patching known vulnerabilities, enforcing network segmentation, and adopting a zero-trust security framework. “Security teams should monitor for suspicious activity and review logs for indicators of compromise linked to Seashell Blizzard’s evolving attack methods,” Microsoft suggested in the report.

First seen on csoonline.com

Jump to article: www.csoonline.com/article/3823955/russian-hacking-group-targets-critical-infrastructure-in-the-us-the-uk-and-canada.html
