TI Mindmap HUB
Threat Intelligence Report

Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | AWS Security Blog

📅 December 21, 2025 📰 aws.amazon.com 🔍 4 CVE(s) referenced

A Russian state-sponsored threat group linked to Sandworm has shifted tactics to exploit misconfigured network edge devices—rather than software vulnerabilities—to gain persistent access and harvest credentials from Western critical infrastructure, especially in the energy sector.

vendor
CVEs referenced: CVE-2023-27532, CVE-2023-22518, CVE-2021-26084, CVE-2022-26318
