Russia Hits Critical Orgs Via Misconfigured Edge Devices

Amazon has detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector. Amazon Threat Intelligence published a blog post describing a multiyear threat campaign by Russian nation-state actors targeting North American, European, and Middle Eastern critical infrastructure, with a notable focus on the energy sector.

According to Amazon, attackers are targeting enterprise routers, routing infrastructure, VPN concentrators, network management appliances, collaboration platforms, cloud-based project management systems, and more. One key trend noted is a shift away from vulnerability exploitation to targeting misconfigured customers’ network edge devices as the primary initial access vector. This tactical adaptation enables the same operational outcomes while reducing exposure and resource expenditure.

Between 2021 and 2025, Amazon observed the threat cluster place a significant focus on misconfigured devices. In 2025, Amazon observed “sustained targeting of misconfigured customer network edge device targeting” and a notable decline in vulnerability exploitation as an initial access vector.

Organizations are urged to prioritize securing their network edge devices and monitoring for credential replay attacks to defend against this persistent threat. Four priority actions for organizations include auditing network edge devices for signs of compromise, detecting credential replay attacks, utilizing access monitoring, and reviewing access logs for signs of authentication attempts.
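One way to implement the "detect credential replay attacks" action from the list above, as an added example that is not from Amazon's or Dark Reading's article: a Python check over constructed VPN concentrator authentication log lines (the log format, field names, usernames and IP addresses are all assumed) that flags an account whose credentials authenticated successfully from more than one source address within a short window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed VPN-concentrator auth log lines (sample data, not a real capture);
# the "ts host auth user= src= result=" layout is an assumed format.
SAMPLE_LOG = """\
2025-03-02T08:00:01Z vpn-edge1 auth user=jdoe src=203.0.113.10 result=success
2025-03-02T08:00:45Z vpn-edge1 auth user=jdoe src=198.51.100.7 result=success
2025-03-02T08:02:10Z vpn-edge1 auth user=asmith src=203.0.113.22 result=failure
2025-03-02T08:02:15Z vpn-edge1 auth user=asmith src=203.0.113.22 result=success
2025-03-02T09:30:00Z vpn-edge1 auth user=bwong src=192.0.2.5 result=success
2025-03-02T11:00:00Z vpn-edge1 auth user=bwong src=192.0.2.9 result=success
"""

LINE_RE = re.compile(r"^(\S+) \S+ auth user=(\S+) src=(\S+) result=(\S+)$")

def parse(log_text):
    """Parse log lines into (timestamp, user, source IP, result) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events

def find_replay_candidates(events, window=timedelta(minutes=10)):
    """Return {user: [source IPs]} for accounts whose credentials succeeded
    from more than one source IP within `window`. A valid credential reused
    from a second address this quickly is a common replay indicator; treat
    the output as a triage lead, not a verdict (VPN roaming, NAT changes)."""
    successes = defaultdict(list)
    for ts, user, src, result in events:
        if result == "success":
            successes[user].append((ts, src))
    flagged = {}
    for user, entries in successes.items():
        entries.sort()  # chronological order so the window check can break early
        for i, (ts_i, src_i) in enumerate(entries):
            for ts_j, src_j in entries[i + 1:]:
                if ts_j - ts_i > window:
                    break
                if src_j != src_i:
                    flagged.setdefault(user, set()).update({src_i, src_j})
    return {u: sorted(s) for u, s in flagged.items()}

if __name__ == "__main__":
    print(find_replay_candidates(parse(SAMPLE_LOG)))
```

In the sample data only `jdoe` is flagged: `bwong` also appears from two addresses, but 90 minutes apart, outside the default window.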

To read the complete article see: Dark Reading Article

This post is licensed under CC BY 4.0 by the author.