Microsoft Threat Intelligence has uncovered a subgroup within the Russian state actor Seashell Blizzard, dubbed “BadPilot,” responsible for a multiyear global access operation. This subgroup, active since at least 2021, leverages opportunistic access techniques and exploits to compromise Internet-facing infrastructure across diverse sectors and regions. While some targeting appears opportunistic, the cumulative access offers Seashell Blizzard options for future operations, including potential destructive cyberattacks.