Amazon has announced that its threat intelligence division has intervened in ongoing cyber operations attributed to hackers associated with Russia’s foreign military intelligence service, the GRU. The activity targeted organizations using Amazon’s cloud infrastructure, with attackers attempting to gain unauthorized access to customer-managed systems.
The company reported that the malicious campaign dates back to 2021 and largely concentrated on Western critical infrastructure. Within this scope, energy-related organizations were among the most frequently targeted sectors, indicating a strategic focus on high-impact industries.
Amazon’s investigation shows that the attackers initially relied on exploiting security weaknesses to break into networks. Over multiple years, they used a combination of newly discovered flaws and already known vulnerabilities in enterprise technologies, including security appliances, collaboration software, and data protection platforms. These weaknesses served as their primary entry points.
As the campaign progressed, the attackers adjusted their approach. By 2025, Amazon observed a reduced reliance on vulnerability exploitation. Instead, the group increasingly targeted customer network edge devices that were incorrectly configured. These included enterprise routers, VPN gateways, network management systems, collaboration tools, and cloud-based project management platforms.
Devices with exposed administrative interfaces or weak security controls became easy targets. By exploiting
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: