Amazon security boss blames Russia's GRU for years-long energy-sector hacks

Russia's Main Intelligence Directorate (GRU) is behind a years-long campaign targeting energy, telecommunications, and tech providers, stealing credentials and compromising misconfigured devices hosted on AWS to give the Kremlin's snoops persistent access to sensitive networks, according to Amazon's security boss.

"The campaign demonstrates sustained focus on Western critical infrastructure, particularly the energy sector, with operations spanning 2021 through the present day," CJ Moses, Chief Information Security Officer (CISO) of Amazon Integrated Security, said in a Monday threat report. "Going into 2026, organizations must prioritize securing their network edge devices and monitoring for credential replay attacks to defend against this persistent threat."

Moses named enterprise routers, VPN concentrators, remote access gateways, and network management appliances as devices that deserve attention.

He said Russians are also trying to access corporate systems by targeting organizations' collaboration and wiki platforms, plus cloud-based project management tools.

AWS declined to answer The Register ...