Amazon's Threat Intelligence team has identified and disrupted operations linked to Russian GRU hackers targeting cloud infrastructure, especially in Western critical sectors such as energy. The threat actors shifted from exploiting vulnerabilities to focusing on misconfigured devices, aiming for persistent access and credential theft. #GRU #Sandworm #AWSecurity #Cyberespionage
Key points
- The Russian GRU-linked hackers targeted cloud infrastructure with a focus on Western critical sectors such as energy.
- The threat actors shifted from exploiting vulnerabilities to targeting misconfigured edge devices for initial access.
- Operational focus remains on credential theft and lateral movement within networks, minimizing exposure.
- Amazon actively disrupted these operations, protecting affected EC2 instances and notifying customers.
- Recommendations include auditing devices, restricting access, and enabling monitoring tools like CloudTrail and GuardDuty.
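As an added example (not from Amazon's report), the following check verifies the last recommendation in practice: that a CloudTrail trail is actually logging, multi-region and using log-file validation, and that a GuardDuty detector exists and is enabled. The boto3 clients are injected so the logic can run offline against the constructed stub classes; the method names used are real boto3 CloudTrail and GuardDuty calls, and the boto3 import under `__main__` is an assumption about how it would be run against an account.

```python
from typing import Any, Dict, List

def audit_cloudtrail(cloudtrail: Any) -> List[str]:
    """Findings; empty means every trail logs, is multi-region, and validates logs."""
    trails = cloudtrail.describe_trails().get("trailList", [])
    if not trails:
        return ["no CloudTrail trail configured"]
    findings: List[str] = []
    for trail in trails:
        name = trail["Name"]
        if not cloudtrail.get_trail_status(Name=trail["TrailARN"]).get("IsLogging"):
            findings.append(f"{name}: trail exists but is not logging")
        if not trail.get("IsMultiRegionTrail"):
            findings.append(f"{name}: single-region trail, other regions unlogged")
        if not trail.get("LogFileValidationEnabled"):
            findings.append(f"{name}: log file validation disabled")
    return findings

def audit_guardduty(guardduty: Any) -> List[str]:
    """Findings for GuardDuty in the client's region."""
    detector_ids = guardduty.list_detectors().get("DetectorIds", [])
    if not detector_ids:
        return ["no GuardDuty detector in this region"]
    findings: List[str] = []
    for det in detector_ids:
        status = guardduty.get_detector(DetectorId=det).get("Status")
        if status != "ENABLED":
            findings.append(f"detector {det}: status {status}")
    return findings

def audit_account(cloudtrail: Any, guardduty: Any) -> Dict[str, List[str]]:
    return {"cloudtrail": audit_cloudtrail(cloudtrail), "guardduty": audit_guardduty(guardduty)}

class StubCloudTrail:  # constructed stand-in for boto3's cloudtrail client
    def describe_trails(self):
        return {"trailList": [{"Name": "main", "TrailARN": "arn:example:trail/main",
                               "IsMultiRegionTrail": False, "LogFileValidationEnabled": True}]}
    def get_trail_status(self, Name):
        return {"IsLogging": True}

class StubGuardDuty:  # constructed stand-in: detector exists but is switched off
    def list_detectors(self):
        return {"DetectorIds": ["d1"]}
    def get_detector(self, DetectorId):
        return {"Status": "DISABLED"}

if __name__ == "__main__":
    import boto3  # only needed against a real account
    for svc, items in audit_account(boto3.client("cloudtrail"), boto3.client("guardduty")).items():
        print(svc, "OK" if not items else "; ".join(items))
```

Run it once per region for GuardDuty, since detectors are regional, while a multi-region trail only needs to be confirmed once.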