According to Utility Dive, Amazon’s threat intelligence team reported on Monday that a Russia-linked hacker group, tied to the GRU military intelligence agency, has been targeting critical infrastructure organizations since at least 2021. The attackers are exploiting well-known, unpatched vulnerabilities in common edge devices like firewalls and network interfaces, a shift in focus that began in earnest in 2022 and continued through 2025. After breaching these devices, they intercept network traffic to steal login credentials, which they then use to access cloud platforms and move laterally within victim networks. The primary targets have been electric utilities, their specialized service providers, telecom companies, and source-code databases, with most victims located in North America, Europe, and the Middle East. Amazon researchers link the campaign’s infrastructure and targeting to the notorious Sandworm group, known for attacks on Ukrainian infrastructure.
The Lazy Hacker’s Playbook
Here’s the thing that should really worry security teams: these state-backed hackers are getting lazy. And that’s a huge problem. Amazon’s report says the group has “reduced investment in zero-day and N-day exploitation.” Instead of burning expensive, undiscovered vulnerabilities (or even building fresh exploits for newly disclosed ones), they’re rifling through the digital junk drawer: long-known flaws in devices from major vendors like Cisco, Palo Alto Networks, and Fortinet, flaws that have had patches available for years but were never applied. It’s a brutally efficient strategy. Their workload drops, their chance of being detected drops, and the payoff, credential harvesting and deep network access, stays the same. Why bang on the fortified front door when the side gate has been left unlocked for two years?
Why Edge Devices Are The Perfect Target
So why are firewalls and network gateways so attractive? Basically, they’re the forgotten plumbing. Companies spend millions on endpoint protection and cloud security, but the very devices that manage and secure their network perimeter often get set up and ignored. They’re complex, patching can cause disruptive outages, they rarely run the endpoint agents the rest of the fleet gets, and frankly, they’re not as sexy to manage. This creates a massive, underappreciated attack surface. Worse, a compromised edge device sits in the path of everything behind it, which is exactly why this group uses them to intercept traffic and harvest credentials rather than stopping at the device itself. For an industrial or critical infrastructure operator, this is a nightmare scenario. These devices are the gatekeepers to operational technology networks, and when you’re securing a power grid or a manufacturing plant, the hardware at the edge needs to be as robust as the software behind it.
A Supply Chain Problem In Disguise
The targeting here is particularly clever. It’s not just about hitting the big utility company itself. Amazon notes a “sustained focus on the energy sector supply chain.” That means going after the smaller managed service providers and IT contractors that have privileged access to the critical networks of multiple utilities. Breach one MSP, and you potentially get a master key to dozens of high-value targets. It’s force multiplication for hackers. This turns a technical vulnerability into a massive strategic supply chain risk. Can you even trust your third-party vendors if they’re using outdated, vulnerable edge gear?
What Can You Actually Do?
The advice from Amazon is standard, but that doesn’t make it easy. Inspect all edge devices for signs of compromise. Enforce strong authentication (please, no default passwords, and put MFA on the admin accounts). Segment networks. Review logs. It’s the cybersecurity equivalent of “eat your vegetables and get more sleep.” One step worth adding, since the whole point of these intrusions is harvested credentials: treat any password or session token that transited a device you can’t vouch for as burned, and rotate it. But the hardest pill to swallow? “Reduce unnecessary internet exposure.” How many of those firewall admin interfaces are still accessible from the public internet because it was convenient for a remote admin three years ago? The report is a stark reminder that in security, the basics aren’t basic. They’re the entire game. And nation-states are now winning by simply exploiting our failure to do our homework.
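The advice above is easy to nod along to and hard to act on, because most teams don’t actually know which of their edge devices fail it. As an added example (not code from the article or from Amazon’s report), here is a small Python audit over a constructed device inventory that checks the three things the advice boils down to: a management interface reachable from outside RFC1918 space, firmware older than the vendor’s fixed release, and admin accounts with default passwords or no MFA. The vendor names, version thresholds, ACLs and accounts are invented placeholders, not real advisories or real devices; in practice you would feed it the management ACLs and firmware strings pulled from your own configs.

```python
"""Audit an edge-device inventory for the exposures the article's advice targets.

Everything below (device records, vendor names, "fixed" versions, ACLs and
accounts) is constructed for the example and is not taken from the Amazon
report or from any vendor advisory.
"""
import ipaddress
import re
from dataclasses import dataclass

# RFC1918 space: management access from here is "internal"; anything else is
# treated as internet-reachable for the purposes of this check.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical minimum patched firmware per vendor (assumption for the example).
MIN_FIXED_VERSION = {"vendorA": "7.4.3", "vendorB": "10.2.9", "vendorC": "4.8.1"}


@dataclass
class EdgeDevice:
    name: str
    vendor: str
    firmware: str
    mgmt_acl: list          # CIDR sources allowed to reach the admin interface
    admin_accounts: dict    # account -> {"password_default": bool, "mfa": bool}


def parse_version(version: str) -> tuple:
    """Turn '7.4.10' into (7, 4, 10) so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def acl_exposes_internet(acl: list) -> bool:
    """True if any allowed source covers addresses outside RFC1918 space.

    0.0.0.0/0, public ranges, and over-broad supernets (e.g. 10.0.0.0/7) all
    count as exposure; only networks fully inside a private block are safe.
    """
    for cidr in acl:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != 4:           # example inventory is IPv4-only
            return True
        if not any(net.subnet_of(private) for private in PRIVATE_NETS):
            return True
    return False


def audit(devices: list) -> list:
    """Return (device, finding, detail) tuples; an empty list means clean."""
    findings = []
    for dev in devices:
        if acl_exposes_internet(dev.mgmt_acl):
            findings.append((dev.name, "mgmt-exposed", ",".join(dev.mgmt_acl)))
        minimum = MIN_FIXED_VERSION.get(dev.vendor)
        if minimum and parse_version(dev.firmware) < parse_version(minimum):
            findings.append((dev.name, "unpatched", f"{dev.firmware} < {minimum}"))
        for account, props in dev.admin_accounts.items():
            if props.get("password_default"):
                findings.append((dev.name, "default-password", account))
            if not props.get("mfa"):
                findings.append((dev.name, "no-mfa", account))
    return findings


# Constructed inventory: one neglected firewall, one VPN box with a public
# management allow-list, one plant firewall that passes every check.
INVENTORY = [
    EdgeDevice("fw-hq-1", "vendorA", "7.4.1", ["0.0.0.0/0"],
               {"admin": {"password_default": True, "mfa": False}}),
    EdgeDevice("vpn-dc-2", "vendorB", "10.2.9", ["203.0.113.0/24", "10.20.0.0/16"],
               {"netops": {"password_default": False, "mfa": True}}),
    EdgeDevice("fw-plant-3", "vendorC", "4.8.2", ["10.0.0.0/8"],
               {"ot-admin": {"password_default": False, "mfa": True}}),
]


def devices_needing_attention(devices: list = INVENTORY) -> dict:
    """Group findings by device so a team can work the list top-down."""
    grouped = {}
    for name, finding, detail in audit(devices):
        grouped.setdefault(name, []).append((finding, detail))
    return grouped


if __name__ == "__main__":
    for name, items in devices_needing_attention().items():
        print(name)
        for finding, detail in items:
            print(f"  {finding}: {detail}")
```

The check that matters most for this campaign is `acl_exposes_internet`: a single `0.0.0.0/0` entry on a management ACL, or a forgotten public /24 added for a remote admin, is exactly the “unnecessary internet exposure” the report tells you to remove. The version comparison is deliberately numeric, because string comparison would rank 7.4.10 below 7.4.9 and quietly mark a patched box as vulnerable.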
