BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Amazon Uncovers Russian Cyber Espionage Targeting Western Infrastructure

Russian APT44 Cyber Campaign Targets Western Critical Infrastructure by Exploiting Misconfigured Network Edge Devices from 2021 to 2025

  • From 2021 to 2025, a Russian state-sponsored group targeted Western critical infrastructure, focusing on misconfigured network edge devices.
  • The campaign primarily affected energy, cloud services, and telecom sectors across North America, Europe, and the Middle East.
  • The threat actor exploited known vulnerabilities in network appliances and software, then used credential harvesting to gain deeper access.
  • The group, linked to GRU’s APT44, adapted tactics from direct exploits to leveraging customer network misconfigurations.
  • Amazon intervened by notifying affected customers and disrupting ongoing operations targeting its cloud infrastructure.

Amazon security experts revealed a multi-year cyber campaign from 2021 to 2025 by a Russian government-backed group targeting critical infrastructure in Western countries. The campaign aimed at energy companies, cloud-based network services, and other key sectors in North America, Europe, and the Middle East. The activity is linked with high confidence to the GRU-affiliated Advanced Persistent Threat group known as APT44, also referred to by names including FROZENBARENTS and Sandworm.

- Advertisement -

The intrusions evolved from exploiting software vulnerabilities to focusing on misconfigured network edge devices hosted within cloud environments. This shift reduced the use of new vulnerabilities, known as zero-day and N-day flaws, with attackers instead leveraging exposed management interfaces on routers and network appliances.

Over the years, the group exploited several vulnerabilities, including the WatchGuard Firebox and XTM flaw CVE-2022-26318 from 2021 to 2022, Atlassian Confluence vulnerabilities CVE-2021-26084 and CVE-2023-22518 during 2022-2023, and the Veeam flaw CVE-2023-27532 in 2024. The campaign continued to focus heavily on misconfigured network edge devices into 2025.

Amazon reported that the attackers targeted devices such as enterprise routers, VPN concentrators, network management systems, and cloud-based collaboration platforms. By compromising these devices, the threat actors intercepted network traffic to harvest credentials. They then performed credential replay attacks to access victim organizations’ online services and strengthen their network foothold.

“Network connection analysis shows actor-controlled IP addresses establishing persistent connections to compromised EC2 instances operating customers’ network appliance software,” said CJ Moses, Amazon Integrated Security Chief Information Security Officer. “Analysis revealed persistent connections consistent with interactive access and data retrieval across multiple affected instances.”

- Advertisement -

The attack process reportedly involved compromising cloud-hosted network edge devices, capturing network traffic, collecting credentials, replaying them to online services, and establishing persistent access for lateral network movement.

The campaign’s targeting highlights a focus on energy supply chains, including both direct operators and third-party service providers with network access to critical infrastructure. Additionally, infrastructure overlaps were noted with a related cluster known as Curly COMrades, suggesting coordinated subgroups within the broader GRU operation.

Amazon has notified affected users and disrupted ongoing threat activities impacting its cloud services. Organizations are advised to audit network edge devices for unauthorized packet capture tools, enforce strong authentication, monitor login attempts from unusual locations, and watch for credential replay incidents.

More on the WatchGuard Firebox vulnerability can be found here, and additional information on the campaign is detailed here.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Alphabet Launches Two New AI Models, Eyes Stock Boost

Alphabet launches two new AI models, Nano Banana 2 Lite and Gemini Omni Flash,...

Nvidia’s Kyber AI rack delayed to 2028: report

NVIDIA's next-generation Kyber server rack, designed for Rubin Ultra chips, is delayed to 2028...

TrojPix Air-Gap Attack Uses Monitor Cables

Researchers at Shandong University have demonstrated a new covert data exfiltration technique called TrojPix.The...

Bitcoin Reclaims $63k as Crypto Market Sees July Reversal

Bitcoin (BTC) reclaimed $63,000 in early July 2026, signaling a market reversal after a...

2026 ASEAN SHOP Opens in Kuala Lumpur to Drive Southeast Asia’s Smart Retail Growth

KUALA LUMPUR, Malaysia. ASEAN SHOP will host its 2026 edition at the MITEC Pavilion...

Must Read

Top 10 Best DeFi Tokens to Invest in 2022

Decentralized Finance (Defi), is one of the most talked-about topics in the crypto space alongside NFTs. So if you want to know the best...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading