Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks
After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices. The post Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks appeared first on SecurityWeek.
Russian state-sponsored threat actors appear to be favoring misconfigurations over the exploitation of vulnerabilities for gaining access to the systems of targeted critical infrastructure organizations, according to Amazon’s threat intelligence team.
Amazon has linked the activity to the well-known Russian threat actor Sandworm, which led its analysts to conclude that the attacks are likely conducted by hackers associated with Russia’s GRU military intelligence agency.
Amazon has also seen some infrastructure overlaps with hackers tracked by Bitdefender as Curly COMrades, who may have been responsible for post-exploitation activities.
Related breach coverage
- Russian state hackers targeted Western critical infrastructure for years, Amazon says (2025-12-17)
Amazon Threat Intelligence reports a long-running Russian state-backed campaign (2021–2025) targeting Western critical infrastructure. The threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk of detection. The researchers linked the […]
- APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability (2026-01-28)
Russian and Chinese state-sponsored threat actors have been exploiting CVE-2025-8088 since July 2025.
- Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon (2025-11-13)
Amazon has seen a threat actor exploiting CVE-2025-20337 and CVE-2025-5777, two critical Cisco and Citrix vulnerabilities, as zero-days.
- Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure (2026-03-26)
The state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage.
