Russia-linked hackers breach critical infrastructure organizations via edge devices

A Russia-linked hacker group has been exploiting vulnerabilities in edge devices at critical infrastructure organizations since 2021, focusing on credential harvesting and lateral movement. The campaign is linked to Russia’s GRU and mainly targets energy, telecommunications, and cloud organizations in North America, Europe, and the Middle East. #Sandworm #GRU

Key points

  • The hackers use known vulnerabilities to target edge devices such as firewalls and management interfaces.
  • Attackers intercept network traffic to steal login credentials and expand their access within networks.
  • Most victims are in North America, Europe, and the Middle East, with a focus on critical infrastructure sectors.
  • The group is believed to be linked to Russia’s military intelligence agency, the GRU.
  • Organizations are advised to inspect devices, enforce strong authentication, and monitor suspicious activity to mitigate risks.

Read More: https://www.cybersecuritydive.com/news/russian-hackers-critical-infrastructure-energy-edge-devices/808005/