Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks
securityweek

After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices.


Russian state-sponsored threat actors appear to be favoring misconfigurations over the exploitation of vulnerabilities for gaining access to the systems of targeted critical infrastructure organizations, according to Amazon’s threat intelligence team.
The malicious activity has been linked to the widely known Russian threat actor named Sandworm, which has led Amazon’s experts to conclude that the attacks are likely conducted by hackers associated with Russia’s GRU military intelligence agency.
Amazon has also seen some infrastructure overlaps with hackers tracked by Bitdefender as Curly COMrades, who may have been responsible for post-exploitation activities.
Over the past five years, Amazon has seen attacks aimed at energy organizations in Western nations, critical infrastructure in North America and Europe, and various types of organizations with cloud-hosted network infrastructure.
The tech giant has monitored the threat ...
Copyright of this story solely belongs to securityweek.

