Amazon Web Services (AWS) has issued a stark reminder of just how dangerous and persistent cyberattacks targeting managed service providers (MSPs) can be—especially when those MSPs support critical industries.
The cloud provider recently released new findings showing that a series of multiyear cyberattacks, attributed to Russia’s Main Intelligence Directorate (GRU), have been targeting organizations across the energy sector in North America, Europe, and the Middle East.
AWS’ latest Amazon Threat Intelligence report notes that these attacks have been evolving since 2021, with a significant number aimed directly at MSPs serving energy-sector clients.
Misconfigured edge systems: The key entry point
According to AWS, the GRU-linked attacks primarily focused on misconfigured edge computing platforms connected to the AWS cloud. While AWS has successfully blocked many of the attacks and corrected compromised or misconfigured EC2 instances on behalf of customers, the message to MSPs is clear: improperly configured edge devices create a pathway into broader cloud environments.
If an edge platform is misconfigured, it may unintentionally provide access not just to its own systems, but to other cloud resources it can reach. In an industry as mission‑critical as energy, that exposure is especially troubling.
A growing, long-term threat
Energy infrastructure has always been a top target for nation-state cyber operations, and the concern now is the sheer length of time these attacks have been evolving. After four years of activity, the number of vulnerable or misconfigured edge platforms could easily be in the hundreds of thousands, particularly if attackers expand their reach beyond the energy sector.
MSPs, in particular, remain high-value targets. A successful breach of one MSP can cascade to hundreds—or even thousands—of downstream customers. Even a single configuration error can create a wide attack surface, which makes continuous auditing of infrastructure essential. This is especially important after any system update or change that might inadvertently weaken security.
Looking ahead: Escalation, not relief
As we move into 2026, there is little indication that geopolitical tensions will ease. That means MSPs should expect more of the same—only more sophisticated and more frequent.
Artificial intelligence (AI) is now enabling attackers to build exploits faster than ever. The window between identifying a vulnerability and weaponizing it is shrinking from weeks to hours or days. This in turn is giving defenders less time to react and secure their environments.
It’s often said that the price of liberty is eternal vigilance. MSPs know this better than most. In cybersecurity, a quiet period rarely means the threat has passed. It usually means the adversary has shifted tactics, become stealthier, and is preparing the next move.
Photo: Summit Art Creations / Shutterstock
This post originally appeared on Smarter MSP.