Amazon Confirms Extended Russian Cyber Campaign Against AWS and Its Users


Amazon Web Services (AWS), Amazon’s cloud hosting service catering to millions of clients, has been a target of Russian state actors for five years, as disclosed in a recent corporate update.

This week, Amazon Threat Intelligence published an announcement on the AWS site about a long-running cyber attack campaign led by a Russian threat group. Amazon’s analysts linked the campaign to a threat actor named Sandworm, which is associated with Russia’s GRU military intelligence division.

“The initiative reveals an ongoing focus on critical infrastructure in the West, especially within the energy sector, with activities occurring from 2021 to the present,” remarked CJ Moses of Amazon Threat Intelligence.

Amazon noted that the campaign was aimed at “energy sector entities throughout Western countries, essential infrastructure providers in North America and Europe, and firms utilizing cloud-hosted network systems.” The attackers took advantage of “low-hanging fruit” in the form of potentially misconfigured customer devices, which enabled the attacks to continue.

Moses characterized the campaign as “a notable progression in targeting critical infrastructure,” emphasizing a “tactical shift where misconfigured customer network edge devices became the main point of initial access, while the activity of exploiting vulnerabilities lessened.”

Despite Amazon’s attempts to address vulnerabilities, the threat remains, as attackers continue to take advantage of misconfigured devices on AWS customers’ premises.

Amazon has quickly repaired compromised infrastructure and alerted affected clients. As the new year draws near, Amazon encourages customers to closely monitor and audit their network devices and to stay alert as the attacks continue.