Amazon Warns Russian GRU Hackers Target Western Firms via Edge Devices
Amazon researchers believe this campaign is part of a bigger operation spearheaded by Russia’s military intelligence service, the GRU
Amazon provides cloud and online services whose vulnerabilities, security advisories, and supply-chain risks can affect users and organizations.
Search across headline titles and summaries.
Background for this topic.
Amazon provides a large-scale cloud computing platform and an extensive e-commerce marketplace, both widely used across industries. Its cloud services offer infrastructure for hosting applications, storing data, and managing complex workflows, while its marketplace facilitates transactions between millions of buyers and sellers. These environments involve diverse user roles, APIs, and integrations with third-party services, creating multiple points of interaction and potential exposure.
Security risks include misconfigured cloud resources, such as storage buckets or access policies that unintentionally allow public or excessive permissions, leading to data exposure or unauthorized use. The e-commerce platform faces threats like account takeovers targeting customer or seller accounts, and fraud exploiting payment or order systems. Mitigating these risks requires strict identity and access management controls, continuous monitoring for unusual activity, and thorough validation of third-party components to prevent exploitation within Amazon’s complex ecosystem.
Weekly headline count for the current query.
Amazon researchers believe this campaign is part of a bigger operation spearheaded by Russia’s military intelligence service, the GRU
The campaign shows APT29’s intentions to “cast a wider net in their intelligence collection efforts,” said Amazon
Check Point has discovered over 1000 suspicious domains registered in the run-up to Amazon Prime Day
Amazon Web Services has launched its Cyber Education Grant Program in the UK
An individual who posted data allegedly stolen via MOVEit from Amazon and other big-name firms claims not to be malicious
The phishing campaign targeted users via texts impersonating Amazon, linked to the threat actor Chenlun
The US Federal Trade Commission will send $5.6m worth of refunds to the spied-on customers of the Amazon-owned home camera company
The French CNIL has fined Amazon France Logistique $35m for an "excessively intrusive" surveillance system set up to monitor the performance of its staff
Amazon, Anthropic, Google, Inflection, Meta, Microsoft and OpenAI all joined the initiative
E-commerce giant looks to improve customer trust in its marketplace
Regulator's proposed order to cover civil penalty and consumer refunds
Experts from Amazon and the NCA offered tips on how to engage end users with cyber awareness training
Researchers warned that threat actors could potentially exploit Elastic IP transfer and compromise an IP address
The discovery was made by security researchers at Mitiga
Which? said it has reported the fake URLs to the National Cyber Security Centre
It tried to trick victims into clicking on malicious files as part of a fake Amazon job assessment
The association between the three apparently unrelated campaigns was made by Cisco Talos
Amazon Prime Day is growing in popularity as pretext for hackers
The vulnerability derived from a misconfiguration of one of the Photos app’s components
The software engineer intended to mine the stolen data and install cryptocurrency miners on some AWS servers