The BadPilot campaign: Multiyear global access operation
Essential information
- Published: 12/02/2025 22:29
- Modified: 13/02/2025 10:13
- Tags: 2025-02-12 CVE-2021-34473 CVE-2022-41352 CVE-2023-23397 CVE-2023-32315 CVE-2023-42793 CVE-2023-48788 CVE-2024-1709 badpilot credential-theft global operation initial access localolive persistence remote management russian state actor shadowlink vulnerability exploitation
- Related entities: 1 intrusion set (apt), 20 techniques (mitre), 2 malware, 11 others
Description
A Russian state actor subgroup within Seashell Blizzard has conducted a global access operation called the BadPilot campaign since 2021. The group exploits vulnerabilities in Internet-facing infrastructure to gain persistent access to high-value targets across various sectors worldwide. Their tactics include deploying web shells, modifying network resources, and using remote management tools for persistence and command and control. The campaign has expanded Seashell Blizzard's geographical reach beyond Eastern Europe, targeting organizations in the US, UK, Canada, and Australia. The subgroup's activities enable Russia to respond to evolving strategic objectives and provide options for future actions.