Hackers backed by the Russian government have changed tactics in a yearslong campaign against energy companies in North America, Europe and the Middle East, according to Amazon.com cybersecurity researchers. The attackers are targeting internet routers and other widely used devices that have been set up incorrectly or sport known security holes….

In the latest attacks, which Amazon links to Russia’s military intelligence operation known as the GRU, hackers are breaking into electricity and other energy providers and third parties that sell security services to the sector, to steal the legitimate credentials of employees. The hackers try to establish long-term access, likely for espionage purposes, to harvest login information and other data, and move around corporate networks over time…Tools used by Amazon to monitor activity on its cloud infrastructure picked out “coordinated operations” against customer devices hosted on Amazon Web Services… That includes persistent connections to vulnerable routers, network management tools and other devices, and signs that data was being collected…

France recently accused the GRU of waging cyberattacks against French ministries, defense contractors and media outlets with the aim of gathering intelligence and sowing division in the country. The European Union a year ago sanctioned a unit of the GRU’s Department of Special Tasks for orchestrating “coups, assassinations, bombings, and cyberattacks” in Europe and elsewhere. At the same time, the U.S. indicted members of the unit on similar charges.

Excerpt from  Kim S. Nash, Suspected Russian Hackers Step Up Attacks on U.S. Energy Firms, Research Shows, WSJ, Dec. 15, 2025