BadPilot: Inside Seashell Blizzard’s (AKA Sandworm) Global Cyber Espionage Campaign

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Megan Stalling to unpack new intelligence on the BadPilot Campaign, a sophisticated operation by a subgroup of Seashell Blizzard—also known as APT-44, Iridium, or Sandworm.   The team explores how this subgroup, active since 2021, uses opportunistic access, remote management tools, and Tor based ShadowLink infrastructure to maintain covert control of compromised systems. They also examine trends across threat actor ecosystems, how tactics evolve through shared influence, and why network detection remains a key battleground in defending against persistent global threats.  In this episode you’ll learn:       How evolving network detection is helping stop threat actors  Why Seashell Blizzard targets industrial control systems  When fake Zoom links and meeting invites are used to lure victims into engagement  Some questions we ask:      Have North Korean hackers improved at social engineering lately?  What’s this subgroup’s main goal when it comes to network attacks?  Why would a group like this use such basic tactics instead of more advanced ones?    Resources:   View Megan Stalling on LinkedIn   View Anna Seitz on LinkedIn   View Sherrod DeGrippo on LinkedIn     BadPilot Campaign, Seashell Blizzard   How Microsoft Names Threat Actors     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.