Tag: russia
-
Russian state hackers targeted Western critical infrastructure for years, Amazon says
Tags: credentials, cyber, exploit, hacker, infrastructure, intelligence, network, russia, theft, threat, vulnerabilityAmazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (20212025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the…
-
Russian state hackers targeted Western critical infrastructure for years, Amazon says
Tags: credentials, cyber, exploit, hacker, infrastructure, intelligence, network, russia, theft, threat, vulnerabilityAmazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (20212025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the…
-
Russian APT group pivots to network edge device misconfigurations
Tags: apt, attack, authentication, breach, cloud, credentials, detection, group, infrastructure, intelligence, mfa, mssp, network, russia, service, technology, theft, threatCredential harvesting: The researchers also observed credential replay attacks against victims’ other online services using stolen domain credentials following network edge device compromises. This indicates that the attackers are likely harvesting credentials by leveraging the traffic capturing and analysis capabilities of the compromised devices.”Time gap between device compromise and authentication attempts against victim services suggests…
-
Sandworm’s Tactical Pivot: Russian GRU Abandons Zero-Days to Weaponize Misconfigured Edge Devices
The post Sandworm’s Tactical Pivot: Russian GRU Abandons Zero-Days to Weaponize Misconfigured Edge Devices appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/sandworms-tactical-pivot-russian-gru-abandons-zero-days-to-weaponize-misconfigured-edge-devices/
-
Russia’s GRU hackers targeting misconfigured network edge devices in attacks on energy sector, Amazon says
In a press briefing this week, Amazon officials said the years-long campaign “represents a significant evolution in critical infrastructure targeting.” First seen on therecord.media Jump to article: therecord.media/russia-gru-hackers-target-energy-sector-sandworm
-
Russia’s GRU hackers targeting misconfigured network edge devices in attacks on energy sector, Amazon says
In a press briefing this week, Amazon officials said the years-long campaign “represents a significant evolution in critical infrastructure targeting.” First seen on therecord.media Jump to article: therecord.media/russia-gru-hackers-target-energy-sector-sandworm
-
Amazon disrupts Russian GRU hackers attacking edge network devices
The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers’ cloud infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/amazon-disrupts-russian-gru-hackers-attacking-edge-network-devices/
-
Russia Hits Critical Orgs Via Misconfigured Edge Devices
Amazon detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/russian-apt-attacking-critical-orgs-around-world
-
Russian Hackers Launch Attacks on Network Edge Devices in Western Critical Infrastructure
Tags: attack, blizzard, cyber, hacker, infrastructure, intelligence, network, russia, threat, vulnerabilityRussian state-sponsored hackers are intensifying attacks on misconfigured network edge devices across Western critical infrastructure, marking a significant tactical shift as 2025 comes to a close. According to new insights from Amazon Threat Intelligence, this campaign linked with high confidence to Russia’s Main Intelligence Directorate (GRU) and the Sandworm/APT44/Seashell Blizzard cluster has deprioritized overt vulnerability…
-
Russian Hackers Launch Attacks on Network Edge Devices in Western Critical Infrastructure
Tags: attack, blizzard, cyber, hacker, infrastructure, intelligence, network, russia, threat, vulnerabilityRussian state-sponsored hackers are intensifying attacks on misconfigured network edge devices across Western critical infrastructure, marking a significant tactical shift as 2025 comes to a close. According to new insights from Amazon Threat Intelligence, this campaign linked with high confidence to Russia’s Main Intelligence Directorate (GRU) and the Sandworm/APT44/Seashell Blizzard cluster has deprioritized overt vulnerability…
-
Russia’s GRU Tied to Critical Infrastructure Cloud Breaches
Misconfigured Customer Network Edge Devices’ Under Fire, Warn Researchers. Misconfigured edge devices hosted in the cloud are giving nation-state hackers carte blanche to access Western critical infrastructure, warn threat intelligence experts at Amazon, who tied exploits of AWS customers’ device administrator portals to Russia’s GRU military intelligence agency. First seen on govinfosecurity.com Jump to article:…
-
Amazon: Russian GRU hackers favor misconfigured devices over vulnerabilities
Amazon Threat Intelligence reports Russian GRU hackers are increasingly breaking into critical infrastructure by abusing misconfigured devices instead of exploiting software vulnerabilities. First seen on hackread.com Jump to article: hackread.com/amazon-russia-gru-hackers-misconfigured-vulnerabilities/
-
Russia-linked hackers breach critical infrastructure organizations via edge devices
New research offers the latest evidence that vulnerable network edge equipment is a pressing concern. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/russian-hackers-critical-infrastructure-energy-edge-devices/808005/
-
Amazon warns that Russia’s Sandworm has shifted its tactics
Researchers said attackers linked to Russia’s military intelligence agency have moved from vulnerability exploits to focus on poorly configured network edge devices to keep its access to target networks. First seen on cyberscoop.com Jump to article: cyberscoop.com/amazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44/
-
Amazon security boss blames Russia’s GRU for years-long energy-sector hacks
‘Sustained focus on Western critical infrastructure’ First seen on theregister.com Jump to article: www.theregister.com/2025/12/15/amazon_ongoing_gru_campaign/
-
Amazon security boss blames Russia’s GRU for years-long energy-sector hacks
‘Sustained focus on Western critical infrastructure’ First seen on theregister.com Jump to article: www.theregister.com/2025/12/15/amazon_ongoing_gru_campaign/
-
AWS Report Links Multi-Year Effort to Compromise Cloud Services to Russia
Amazon Web Services (AWS) today published a report detailing a series of cyberattacks occurring over multiple years attributable to Russia’s Main Intelligence Directorate (GRU) that were aimed primarily at the energy sector in North America, Europe and the Middle East. The latest Amazon Threat Intelligence report concludes that the cyberattacks have been evolving since 2021,..…
-
AWS Report Links Multi-Year Effort to Compromise Cloud Services to Russia
Amazon Web Services (AWS) today published a report detailing a series of cyberattacks occurring over multiple years attributable to Russia’s Main Intelligence Directorate (GRU) that were aimed primarily at the energy sector in North America, Europe and the Middle East. The latest Amazon Threat Intelligence report concludes that the cyberattacks have been evolving since 2021,..…
-
Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files
A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/flaw-hacktivist-ransomware-victims-decrypt-files
-
Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files
A new phishing campaign has been identified, delivering the Phantom information-stealing malware via an ISO attachment First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-phishing-phantom-stealer/
-
MI6 chief warns ‘front line is everywhere’ and signals intent to pressure Putin
In her first public speech, the new chief of Britain’s MI6, Blaise Metreweli, will point to the acute threat posed by Russia, according to pre-released excerpts. First seen on therecord.media Jump to article: therecord.media/mi6-chief-speech-russia-threats-warning
-
MI6 chief warns ‘front line is everywhere’ and signals intent to pressure Putin
In her first public speech, the new chief of Britain’s MI6, Blaise Metreweli, will point to the acute threat posed by Russia, according to pre-released excerpts. First seen on therecord.media Jump to article: therecord.media/mi6-chief-speech-russia-threats-warning
-
Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector
Cybersecurity researchers have disclosed details of an active phishing campaign that’s targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images.The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primarily singled out finance and accounting entities, with those in the procurement, legal, payroll First…
-
New VolkLocker Ransomware Variant Targets Both Linux and Windows Systems
CyberVolk, a pro-Russia hacktivist group first documented in late 2024, has resurfaced with a sophisticated ransomware-as-a-service (RaaS) offering called VolkLocker after months of dormancy caused by Telegram enforcement actions. The group returned in August 2025 with version 2.x, featuring advanced Telegram-based automation and cross-platform capabilities targeting both Linux and Windows systems. VolkLocker is built in…
-
New VolkLocker Ransomware Variant Targets Both Linux and Windows Systems
CyberVolk, a pro-Russia hacktivist group first documented in late 2024, has resurfaced with a sophisticated ransomware-as-a-service (RaaS) offering called VolkLocker after months of dormancy caused by Telegram enforcement actions. The group returned in August 2025 with version 2.x, featuring advanced Telegram-based automation and cross-platform capabilities targeting both Linux and Windows systems. VolkLocker is built in…
-
VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption
The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee.According to SentinelOne, VolkLocker (aka CyberVolk 2.x) emerged in August 2025 and is capable of targeting both Windows First…
-
‘The frontline is everywhere’: new MI6 head to warn of growing Russian threat
Blaise Metreweli expected to say UK faces new ‘age of uncertainty’ in speech identifying Kremlin as key threatAssassination plots, sabotage, cyber-attacks and the manipulation of information by Russia and other hostile states mean that “the frontline is everywhere”, the new head of MI6 will warn on Monday.Blaise Metreweli, giving her first speech in the job,…
-
Russian Ring Using Ex-Immigrant Data to Fuel Fake ID Sales
Telegram-Based Market Is Exploiting Gaps in US Tracking of Departed Visa Holders. A Russian darknet marketplace is exploiting a major blind spot for U.S. financial institutions by trafficking in the identities of former legal immigrants. Telegram-based group Karma Fullz has built a profitable criminal enterprise with highly convincing synthetic identities. First seen on govinfosecurity.com Jump…
-
Hackers reportedly breach developer involved with Russia’s military draft database
A hacking group it had maintained access to the firm’s systems for several months and had destroyed parts of the company’s infrastructure. First seen on therecord.media Jump to article: therecord.media/hackers-reportedly-breach-developer-involved-in-russian-military-database
-
Feds: Pro-Russia Hacktivists Target US Critical Infrastructure
So far the attacks, which compromise virtual network computing (VNC) connections in OT systems, have not been particularly destructive, but this could change as they evolve. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/hactivists-target-critical-infrastructure