BadPilot network hacking campaign fuels Russian SandWorm attacks


The Russian state-sponsored hacking group APT44, also known as Sandworm, has been conducting a multi-year cyber campaign called *BadPilot*, targeting critical infrastructure worldwide. APT44’s subgroup focuses on initial access and persistence, enabling destructive attacks and intelligence gathering.  

Since 2021, the group has targeted energy, oil and gas, telecom, shipping, and arms manufacturing sectors. It has exploited vulnerabilities in Microsoft Exchange, Zimbra, Fortinet, and other platforms, using web shells, credential theft, and covert network tunnels.  

In 2024, the group expanded attacks to the U.S., U.K., Canada, and Australia. Microsoft warns of its near-global reach and has shared detection methods to help mitigate risks.
