Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure
Briefly

"Targets of the campaign included energy sector organizations across Western nations, critical infrastructure providers in North America and Europe, and entities with cloud-hosted network infrastructure. The activity has been attributed with high confidence to the GRU-affiliated APT44, which is also known as FROZENBARENTS, Sandworm, Seashell Blizzard, and Voodoo Bear. The activity is notable for using as initial access vectors misconfigured customer network edge devices with exposed management interfaces, as N-day and zero-day vulnerability exploitation activity declined over the time period - indicative of a shift in attacks aimed at critical infrastructure, the tech giant said."
"2021-2022 - Exploitation of WatchGuard Firebox and XTM flaw (CVE-2022-26318) and targeting of misconfigured edge network devices
2022-2023 - Exploitation of Atlassian Confluence flaws (CVE-2021-26084 and CVE-2023-22518) and continued targeting of misconfigured edge network devices
2024 - Exploitation of Veeam flaw (CVE-2023-27532) and continued targeting of misconfigured edge network devices
2025 - Sustained targeting of misconfigured edge network devices"
GRU-affiliated APT44 (Sandworm) conducted a multi-year campaign from 2021 to 2025 against Western critical infrastructure: energy sector organizations and infrastructure providers in North America and Europe, plus entities with cloud-hosted network infrastructure. Initial access shifted toward misconfigured customer network edge devices with exposed management interfaces as the group's N-day and zero-day exploitation declined. The shift still gave the actor credential harvesting and lateral movement while reducing its exposure and resource expenditure, since reaching an internet-facing admin interface needs no exploit. Observed exploitation included the WatchGuard Firebox/XTM flaw CVE-2022-26318 (2021-2022), the Atlassian Confluence flaws CVE-2021-26084 and CVE-2023-22518 (2022-2023), and the Veeam flaw CVE-2023-27532 (2024), with sustained targeting of misconfigured edge devices in 2025. Targeted assets included routers, VPN concentrators, network management appliances, and collaboration platforms.
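The practical check that follows from this summary is whether any of your own edge devices answer on their management ports from the internet. The script below is an added example, not code from The Hacker News, Amazon, or the article: it parses an external nmap scan in grepable (-oG) format and flags open management ports. The scan output embedded in it is constructed, the MANAGEMENT_PORTS policy is an assumed list rather than one taken from the report, and the allowlist mechanism is the author's own device for excluding published services that legitimately listen on 443.

```python
"""Flag management interfaces of edge devices that answer from the internet.

Added example, not from the article. Parses `nmap -oG` output produced by a
scan run from OUTSIDE the perimeter and reports open ports that belong to an
assumed policy of "management-only" services.
"""
import re
from dataclasses import dataclass

# Assumed policy (not from the article): ports that should never be reachable
# on a WAN-facing interface of a firewall, router, or VPN concentrator.
MANAGEMENT_PORTS = {
    22: "ssh",
    23: "telnet",
    161: "snmp",
    443: "https admin UI (verify it is the device UI, not a published app)",
    4118: "watchguard-mgmt",
    8080: "http admin UI",
    8443: "https admin UI",
}

# Constructed sample of `nmap -oG - -p 22,23,443,4118,8443 203.0.113.0/29`.
# 203.0.113.0/24 is a documentation range; none of this is real scan data.
SAMPLE_SCAN = (
    "# Nmap 7.94 scan initiated as: nmap -oG - -p 22,23,443,4118,8443 203.0.113.0/29\n"
    "Host: 203.0.113.1 ()\tStatus: Up\n"
    "Host: 203.0.113.1 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, "
    "4118/closed/tcp//netscript///\tIgnored State: closed (2)\n"
    "Host: 203.0.113.2 ()\tStatus: Up\n"
    "Host: 203.0.113.2 ()\tPorts: 443/open/tcp//https///, 8443/filtered/tcp//https-alt///\n"
    "Host: 203.0.113.3 ()\tStatus: Up\n"
    "Host: 203.0.113.3 ()\tPorts: 22/filtered/tcp//ssh///, 23/open/tcp//telnet///\n"
    "# Nmap done\n"
)

# One -oG port entry looks like: port/state/proto/owner/service/rpc/version/
PORT_ENTRY = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/")


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    service: str   # service name as nmap labelled it
    policy: str    # why the port is considered a management interface


def parse_grepable(text):
    """Return {host: [(port, state, proto, service), ...]} from nmap -oG text."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if field.startswith("Ports:"):
                for m in PORT_ENTRY.finditer(field[len("Ports:"):]):
                    results.setdefault(host, []).append(
                        (int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return results


def find_exposed_management(scan_text, allow=frozenset()):
    """Open TCP management ports reachable from outside, minus allowlisted (host, port).

    Only state "open" counts: "filtered" means something dropped the probe, which
    is the state a correctly configured edge device should show.
    """
    findings = []
    for host, entries in sorted(parse_grepable(scan_text).items()):
        for port, state, proto, service in entries:
            if state != "open" or proto != "tcp" or port not in MANAGEMENT_PORTS:
                continue
            if (host, port) in allow:
                continue
            findings.append(Finding(host, port, service, MANAGEMENT_PORTS[port]))
    return findings


if __name__ == "__main__":
    # 203.0.113.2:443 is assumed to be a published web application (constructed).
    published = frozenset({("203.0.113.2", 443)})
    for f in find_exposed_management(SAMPLE_SCAN, allow=published):
        print(f"EXPOSED {f.host}:{f.port} ({f.service}) - {f.policy}")
```

Run the scan from a host outside the perimeter; scanning from inside tells you nothing about what the internet sees. A hit on 22/23/8080/8443 on a perimeter device is the condition the article describes, and the fix is on the device, not in the script: bind management to an internal interface or a VPN-only address and drop management traffic arriving on the external interface.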
Read at The Hacker News