AWS attributes a multi-year cyber espionage campaign targeting critical infrastructure to the Russia-linked group Sandworm (APT44). The attackers exploit misconfigured customer devices to gain access, steal credentials, and maintain long-term persistence, which underscores the importance of securing network edge devices.
Key points
- The cyber espionage campaign primarily targets critical infrastructure in North America and Europe, focusing on the energy sector.
- The attackers exploit misconfigured customer edge devices to gain initial access, not vulnerabilities in AWS itself.
- Stealing credentials and establishing persistent connections are key tactics used by the threat group.
- Operations involve targeting energy supply chains, technology providers, and telecommunications globally.
- AWS advises organizations to secure network edge devices and monitor for credential replay to defend against this ongoing threat.
Read More: https://thecyberexpress.com/espionage-western-critical-infrastructure/