Russia’s GRU hackers targeting misconfigured network edge devices in attacks on energy sector, Amazon says
In a press briefing this week, Amazon officials said the years-long campaign “represents a significant evolution in critical infrastructure targeting.”
While targeting Western energy companies, prominent Russian government hackers have switched from breaching organizations through novel vulnerabilities to targeting misconfigured network edge devices, according to security researchers from Amazon.
CJ Moses, CISO of Amazon Integrated Security, told Recorded Future News in an interview that the number of victim organizations is more than 10 and attributed the attacks to a well-known hacking operation known as APT44. Referred to colloquially as Sandworm or Seashell Blizzard, the group has been tied by U.S. officials to Russia’s Main Intelligence Directorate (GRU).
Moses said Amazon began tracking the campaign in 2021 and saw that it focused on Western critical infrastructure, particularly the energy sector. Amazon was able to detect the campaigns through its large network of honeypots that it calls Amazon MadPot.
Source: https://therecord.media/russia-gru-hackers-target-energy-sector-sandworm
Related breach coverage
- Russian state hackers targeted Western critical infrastructure for years, Amazon says (2025-12-17)
Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (2021–2025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the […]
- Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks (2025-12-16)
After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices. The post Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks appeared first on SecurityWeek.
- Amazon disrupts Russian GRU hackers attacking edge network devices (2025-12-16)
The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers' cloud infrastructure. [...]
- Sweden reports cyberattack attempt on heating plant amid rising energy threats (2026-04-16)
Sweden says a pro-Russian group attacked a heating plant in 2025. The failed cyberattack highlights growing threats to Europe’s energy infrastructure. Sweden has blamed a pro-Russian group linked to Russian intelligence for a failed cyberattack on a heating plant in 2025. Officials say the incident is part of a broader wave of attacks targeting critical […]
