Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon’s threat intelligence has revealed a prolonged Russian state-sponsored campaign targeting Western critical infrastructure from 2021 to 2025. The campaign primarily exploited misconfigured network edge devices and leveraged vulnerabilities to harvest credentials and gain persistent access, with connections to GRU-linked groups like APT44 and Sandworm.

Key points

  • The threat actor is attributed with high confidence to Russia’s Main Intelligence Directorate (GRU).
  • Exploitation of vulnerabilities on edge devices and collaboration platforms was a key tactic over five years.
  • The campaign targeted infrastructure providers, cloud services, and critical sectors across North America, Europe, and the Middle East.
  • Attacks involved credential harvesting, replay attacks, and persistent network access through compromised AWS edge devices.
  • Amazon has alerted customers and recommended security measures like device auditing and monitoring for suspicious activity.

Read More: https://thehackernews.com/2025/12/amazon-exposes-years-long-gru-cyber.html