A recent report highlights a strategic shift in Russian state-sponsored cyber operations from exploiting software vulnerabilities to targeting misconfigured network edge devices. This tactic allows persistent access to critical infrastructure sectors such as energy and telecommunications. #Sandworm #GRU
Key points
- Russian threat actors are shifting from complex exploits to targeting misconfigured network devices.
- To gain access, the actors focus on unpatched routers, VPNs, and management appliances.
- Amazon attributes this activity to Russia’s Main Intelligence Directorate (GRU) with high confidence.
- The group passively intercepts traffic using native packet capture capabilities for intelligence gathering.
- The campaign primarily targets energy and telecom sectors across North America, Europe, and the Middle East.