The end of 2025 and global cybersecurity assessments indicated that one of the most formidable state-aligned hacking units in Russia has changed its tactics significantly. It has been widely reported that state-sponsored threat actors linked to the GRU’s cyber-operations arm, widely known by various nicknames such as Sandworm, APT44, and Microsoft’s Seashell Blizzard cluster, are recalibrating their approach with noticeable precision as they approach their target market.
A group that once was renowned for exploiting zero-day vulnerabilities and newly disclosed ones with high-profile and disruptive effects, the group has now shifted into a quieter, yet equally strategic approach, systematically targeting weaknesses resulting from human and network misconfigurations rather than exploits resulting from cutting-edge techniques.
The analysis published by Amazon Threat Intelligence, based on findings obtained by Amazon’s Threat Intelligence division, illustrates this shift, revealing that the cluster is increasingly concentrating on exploiting incorrectly configured network edge devices, suggesting a deliberate move away from overt zero-day or zero-n-day intrusion techniques to the use of sustained reconnaissance and exploitation of exposed infrastructure at the digital perimeter, signaling an intentional shift away from overt zero-day or n-day intrusion techniques.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: