Russia's GRU Tied to Critical Infrastructure Cloud Breaches
bankinfosecurity
'Misconfigured Customer Network Edge Devices' Under Fire, Warn Researchers
Mathew J. Schwartz (euroinfosec) • December 16, 2025

Zero-days are nice - but all a hacker needs to convert a router or VPN concentrator into an open conduit is a bit of careless system administration, warns threat intel tracking Russian nation-state activity.
In an ongoing campaign active since 2021, Russian hackers have sought out enterprise routers and infrastructure, VPNs, network management appliances and collaboration platforms used by electric utilities and energy providers in North America, Western and Eastern Europe, and the Middle East, says a Monday security alert issued by Amazon Web Services' threat intelligence group. Other top targets include telecommunications firms and a variety of other types of critical infrastructure providers.
Researchers attribute these cyber operations to the GRU, the Russian military's foreign intelligence agency. The ...
Copyright of this story solely belongs to bankinfosecurity.

