Russian government hackers, specifically the group APT44, are increasingly targeting Western energy sectors by exploiting misconfigured network edge devices rather than vulnerabilities in software. These attacks demonstrate a strategic shift towards passive data collection and credential harvesting, emphasizing the importance of proper device configuration in cybersecurity defenses. #APT44 #Sandworm #RussianCyberThreats #CriticalInfrastructure
Key points
- Russian hacking group APT44, linked to GRU, has been active since 2013, focusing on critical infrastructure.
- The group shifted tactics from exploiting software vulnerabilities to targeting misconfigured network edge devices in 2025.
- The hackers primarily engaged in passive information gathering and credential harvesting rather than active credential theft.
- This evolution reflects a broader shift in cyberattack strategies, favoring low-risk, high-reward tactics such as exploiting misconfigurations.
- Amazon detected the campaign using honeypots called Amazon MadPot and observed operations mainly on AWS-hosted devices.
Read More: https://therecord.media/russia-gru-hackers-target-energy-sector-sandworm