Amazon Web Services (AWS) has revealed a five-year Russian cyber espionage campaign primarily targeting critical infrastructure, especially the energy sector in North America and Europe, conducted by the Sandworm hacker group linked to Russia’s GRU. The operation exploits human and configuration errors rather than software vulnerabilities, making detection challenging and enabling prolonged network infiltration. Concurrently, AWS reported increased cyber activity from North Korean operatives attempting to infiltrate tech companies, with over 1,800 blocked applications since April 2024. Amazon warns that misconfigurations will be the main attack vector moving into 2026, urging organizations to tighten security measures, as a single misconfiguration could compromise even the most secure systems.