It has been reported that BadPilot, an initial-access subgroup of Russia’s Sandworm, has infiltrated the networks of organisations across the US, UK, Canada and Australia. The discovery was announced in a new blog post from Microsoft. Simon Phillips, CTO of SecureAck, responds to the news.
“This discovery is alarming for UK organisations as it highlights how Russian state-sponsored actors are exploiting CVEs to infiltrate networks, conduct surveillance and launch attacks.
“Cyber crime is now closely tied to geopolitical tensions, so it’s no surprise BadPilot has been carrying out serious attacks against the West. However, the real concern is that these operations remained largely unnoticed until Microsoft published these findings.
“The exploitation tactics reaffirm a growing uptake in exploitation of internet-facing infrastructure for gaining access to enterprise networks, and organisations must use this as a catalyst to strengthen their patch management.
“Given the volumes of vulnerabilities, automating patch deployment is essential, because without it, organisations are playing catch-up, often missing critical patches and leaving themselves exposed to attack.
“The threat landscape has evolved beyond script kiddies and financially driven attackers; state-sponsored actors are now a serious reality.
“The biggest concern is how stolen intelligence is being used to enhance these attacks and support their overall agendas.”