Seashell Blizzard — Threat Actor Profile, Campaigns & Targets

Threat entity extracted from intelligence sources

Frequency
4
occurrences
First Seen
December 15, 2025
Last Seen
May 14, 2026

Seashell Blizzard is a apt_group tracked across 3 threat clusters and 4 intelligence report mentions on ThreatCluster. First observed December 15, 2025; most recent activity May 14, 2026.

Related Threat Clusters

  • Sandworm Targets Critical Infrastructure with Aggressive OT Attacks

    The Russian state-sponsored group Sandworm has intensified its cyber operations against industrial and critical infrastructure, utilizing pre-compromised operational technology (OT) environments instead of zero-day…

    5 articles · Updated May 14, 2026
  • AWS Attributes Cyber Espionage to Russian GRU-linked Group Sandworm

    Amazon Web Services (AWS) has linked a multi-year cyber espionage campaign targeting Western critical infrastructure, particularly in the energy sector, to the Russian GRU-affiliated group Sandworm (APT44). The campaign…

    4 articles · Updated December 16, 2025
  • APT36's Ongoing Espionage Campaign Against Indian Government

    APT36, also known as Transparent Tribe, has been conducting persistent cyber espionage campaigns against the Indian government and defense organizations for over a decade. This espionage ecosystem, which includes the…

    2 articles · Updated February 10, 2026

Recent Intelligence Reports

  • Sandworm Activity In Industrial Environments What The Data Reveals — www.nozominetworks.com · May 14, 2026
  • Sandworm uses pre-compromised OT environments instead of zero — Industrialcyber.Co · May 14, 2026
  • Espionage Without Noise: Understanding APT36's Enduring Campaigns — Securitybrief · February 11, 2026
  • Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure — Aws.Amazon · December 15, 2025

CVSS v3.1 Breakdown