Amazon security boss blames Russia's GRU for energy hacks

"The campaign demonstrates sustained focus on Western critical infrastructure, particularly the energy sector, with operations spanning 2021 through the present day,"
"Going into 2026, organizations must prioritize securing their network edge devices and monitoring for credential replay attacks to defend against this persistent threat."
Russia's GRU conducted a years-long cyber campaign targeting energy, telecommunications, and technology providers, stealing credentials and compromising misconfigured AWS-hosted devices to gain persistent access to sensitive networks. Operations ran from 2021 through the present with sustained focus on Western energy organizations, their suppliers, and other North American and European critical infrastructure providers. Targets included enterprise routers, VPN concentrators, remote access gateways, and network management appliances. Attackers also targeted collaboration platforms, wikis, and cloud-based project management tools to gain corporate access. Initial intrusions exploited misconfigurations and CVE-2022-26318 in WatchGuard appliances; later ones abused the Confluence vulnerabilities CVE-2021-26084 and CVE-2023-22518 and a Veeam flaw.
Read at The Register