3 Sources
[1]
Hackers Used AI to Breach 600 Firewalls in Weeks, Amazon says
Over the last five weeks, a limited number of hackers broke into more than 600 firewalls across dozens of countries with the help of widely available artificial intelligence tools, according to security research from Amazon.com Inc. The small group of hackers - or possibly just one person - used commercial generative AI services to quickly take advantage of weak security measures, such as simple sign-in credentials or single-factor authentication, according to a report from the company. The techniques let the intruders compromise firewalls at a scale that would have otherwise required a larger and more skilled team. The Russian-speaking hackers leveraged their access to the security devices, spread across 55 countries, to move further into some victims' networks in ways that appeared to be setting up ransomware attacks, the report states. The widespread breaches, which Amazon said were financially motivated, are the latest example of hackers using AI to ease and speed cyberattacks. "It's like an AI-powered assembly line for cybercrime, helping less skilled workers produce at scale," CJ Moses, who leads security engineering and operations at Amazon, said in the report. It doesn't identify the AI tools the hackers used nor does it name the victims. Researchers believe the hackers opportunistically broke into firewalls with weak protections, rather than targeting certain industries, according to the report. The compromised devices were spread across South Asia, Latin America, the Caribbean, West Africa, Northern Europe and Southeast Asia. When the hackers encountered more hardened security, they simply moved on to other targets, Moses said. And once inside a network, they "largely failed when attempting to exploit anything beyond the most straightforward, automated attack paths," the report states. 
Last year, a hacker leveraged technology from Anthropic PBC as part of a vast cybercrime scheme that's impacted at least 17 organizations, Anthropic said, marking what was then an "unprecedented" instance of attackers weaponizing a commercial artificial intelligence tool on a widespread basis. Amazon expects more of this to come. "Organizations should anticipate that AI-augmented threat activity will continue to grow in volume from both skilled and unskilled adversaries," Moses said.
[2]
Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks
Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. A new report by CJ Moses, CISO of Amazon Integrated Security, says that the hacking campaign occurred between January 11 and February 18, 2026, and did not rely on any exploits to breach Fortinet firewalls. Instead, the threat actor targeted exposed management interfaces and weak credentials that lacked MFA protection, then used AI to help automate access to other devices on the breached network. Moses says the compromised firewalls were observed across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia, among other regions. Amazon says it learned about the campaign after finding a server hosting malicious tools used to target Fortinet FortiGate firewalls. As part of the campaign, the threat actor targeted FortiGate management interfaces exposed to the internet by scanning for services running on ports 443, 8443, 10443, and 4443. The targeting was reportedly opportunistic rather than against any specific industries. Rather than exploiting zero-days, as we commonly see targeting FortiGate devices, the actor used brute-force attacks with common passwords to gain access to devices. Once breached, the threat actor extracted the device's configuration settings, which include: These configuration files were then parsed and decrypted using what appears to be AI-assisted Python and Go tools. "Following VPN access to victim networks, the threat actor deploys a custom reconnaissance tool, with different versions written in both Go and Python," explained Amazon. 
"Analysis of the source code reveals clear indicators of AI-assisted development: redundant comments that merely restate function names, simplistic architecture with disproportionate investment in formatting over functionality, naive JSON parsing via string matching rather than proper deserialization, and compatibility shims for language built-ins with empty documentation stubs." "While functional for the threat actor's specific use case, the tooling lacks robustness and fails under edge cases -- characteristics typical of AI-generated code used without significant refinement." These tools were used to automate reconnaissance on the breached networks by analyzing routing tables, classifying networks by size, running port scans using the open-source gogo scanner, identifying SMB hosts and domain controllers, and using Nuclei to look for HTTP services. The researchers say that while the tools were functional, they commonly failed in more hardened environments. Operational documentation written in Russian detailed how to use Meterpreter and mimikatz to conduct DCSync attacks against Windows domain controllers and extract NTLM password hashes from the Active Directory database. The campaign also specifically targeted Veeam Backup & Replication servers using custom PowerShell scripts, compiled credential-extraction tools, and attempted to exploit Veeam vulnerabilities. On one of the servers found by Amazon (212[.]11.64.250), the threat actor hosted a PowerShell script named "DecryptVeeamPasswords.ps1" that was used to target the backup application. As Amazon explains, threat actors often target backup infrastructure before deploying ransomware to prevent the restoration of encrypted files from backups. The threat actors' "operational notes" also contained multiple references to trying to exploit various vulnerabilities, including CVE-2019-7192 (QNAP RCE), CVE-2023-27532 (Veeam information disclosure), and CVE-2024-40711 (Veeam RCE). 
The report says that the attacker repeatedly failed when attempting to breach patched or locked-down systems, but instead of continuing to try to gain access, they moved on to easier targets. While Amazon believes the threat actor has a low-to-medium skill set, that skill set was greatly amplified through the use of AI. The researchers say the threat actor utilized at least two large language model providers throughout the campaign to: In one instance, the actor reportedly submitted a full internal victim network topology, including IP addresses, hostnames, credentials, and known services, to an AI service and asked for help spreading further into the network. Amazon says the campaign demonstrates how commercial AI services are lowering the barrier to entry for threat actors, enabling them to carry out attacks that would normally be outside their skill set. The company recommends that FortiGate admins not expose management interfaces to the internet, ensure MFA is enabled, ensure VPN passwords are not the same as those for Active Directory accounts, and harden backup infrastructure. Google recently reported that threat actors are abusing Gemini AI across all stages of cyberattacks, mirroring what Amazon observed in this campaign.
[3]
Amazon AI Cyberattack Hits 600 FortiGate Devices
The attackers did not exploit advanced vulnerabilities. Instead, they targeted exposed management ports and weak, single-factor authentication settings. The report shows how AI is reshaping threat operations. Commercially available AI tools were used to generate attack scripts, automate reconnaissance, and plan lateral movement inside networks. CJ Moses, Amazon CISO, stated that no FortiGate software vulnerabilities were exploited. Rather, "fundamental security gaps" allowed a low-to-medium-skilled actor to scale attacks rapidly. When stronger defenses were detected, the actor shifted to easier targets, highlighting efficiency over sophistication.
A Russian-speaking hacker used commercial generative AI tools to compromise more than 600 FortiGate firewalls across 55 countries in just five weeks, according to Amazon security research. The attacker exploited weak credentials and single-factor authentication rather than advanced vulnerabilities, demonstrating how AI is lowering the barrier for threat actors to scale attacks rapidly.
A small group of hackers, possibly just one person, leveraged commercial generative AI services to execute an AI cyberattack that compromised more than 600 FortiGate firewalls across 55 countries between January 11 and February 18, 2026, according to security research from Amazon.[1] The breach of FortiGate firewalls represents a significant escalation in how threat actors are exploiting weak security measures to conduct operations at unprecedented scale. CJ Moses, who leads security engineering and operations at Amazon, characterized the campaign as "an AI-powered assembly line for cybercrime, helping less skilled workers produce at scale."[1]

Source: Analytics Insight
The AI-assisted hacking campaign did not rely on sophisticated exploits or zero-day vulnerabilities. Instead, the Russian-speaking actor targeted exposed management interfaces running on ports 443, 8443, 10443, and 4443, using brute-force attacks with common passwords to gain access.[2] The attacker specifically sought out devices protected by weak credentials and single-factor authentication, demonstrating opportunistic rather than targeted behavior. When encountering more hardened network security, the hackers simply moved on to other targets rather than persisting.[1] The compromised devices were spread across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia.

Once inside the networks, the attacker extracted configuration files containing VPN credentials, SSL certificates, and authentication tokens, then used AI-assisted Python and Go tools to parse and decrypt this data.[2] Analysis of the attack scripts revealed clear indicators of AI-generated code, including redundant comments that merely restated function names, simplistic architecture with disproportionate investment in formatting over functionality, and naive JSON parsing via string matching rather than proper deserialization.[2] The reconnaissance tools automated network analysis by examining routing tables, classifying networks by size, running port scans, identifying SMB hosts and domain controllers, and using Nuclei to search for HTTP services.
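The password-guessing described above leaves a trail in the firewall's own administrator login events, which is where a defender would look for it. The following is an added example, not code from Amazon's report or from either article: a small Python detector that groups failed administrator logins by source address over a sliding window, raises one alert when a source reaches a failure threshold, and raises a second when a source that has been failing then logs in successfully (the signature of a guessed password). The log lines are constructed in FortiOS-style key=value form; the field names (srcip, status, ui, action) follow that convention and every value is invented.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events in FortiOS-style key=value form (all values invented).
# Source 198.51.100.7 fails five times in under a minute and then succeeds;
# source 10.0.0.5 mistypes once and then succeeds, which should not alert.
SAMPLE_LOGS = [
    'date=2026-02-01 time=03:10:01 type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" srcip=198.51.100.7 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-02-01 time=03:10:09 type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" srcip=198.51.100.7 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-02-01 time=03:10:15 type="event" subtype="system" logdesc="Admin login failed" user="fortinet" ui="https(198.51.100.7)" srcip=198.51.100.7 action="login" status="failed" reason="name_invalid"',
    'date=2026-02-01 time=03:10:22 type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" srcip=198.51.100.7 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-02-01 time=03:10:30 type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" srcip=198.51.100.7 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-02-01 time=03:10:41 type="event" subtype="system" logdesc="Admin login successful" user="admin" ui="https(198.51.100.7)" srcip=198.51.100.7 action="login" status="success"',
    'date=2026-02-01 time=03:12:00 type="event" subtype="system" logdesc="Admin login failed" user="ops" ui="ssh(10.0.0.5)" srcip=10.0.0.5 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-02-01 time=03:12:10 type="event" subtype="system" logdesc="Admin login successful" user="ops" ui="ssh(10.0.0.5)" srcip=10.0.0.5 action="login" status="success"',
    'date=2026-02-01 time=03:13:00 type="event" subtype="system" logdesc="Object attribute configured" user="ops" ui="ssh(10.0.0.5)" action="Edit" cfgpath="system.interface"',
]

# key=value pairs; the value is either a double-quoted string (may contain spaces)
# or a bare token.
KV = re.compile(r'(\w[\w-]*)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict of string fields."""
    fields = {}
    for m in KV.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def detect_bruteforce(lines, threshold=5, window_s=300, success_after=3):
    """Return a list of alert dicts.

    'bruteforce': a source reached `threshold` failed logins within `window_s`
                  seconds (reported once per source).
    'success_after_failures': a source with at least `success_after` recent
                  failures then logged in successfully.
    """
    recent = defaultdict(deque)  # srcip -> timestamps of failures still in window
    already_reported = set()
    alerts = []
    for line in lines:
        f = parse_line(line)
        if f.get("action") != "login":
            continue  # config changes and other events are not login attempts
        ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S").timestamp()
        src = f.get("srcip", "unknown")
        q = recent[src]
        while q and ts - q[0] > window_s:  # drop failures that aged out of the window
            q.popleft()
        if f.get("status") == "failed":
            q.append(ts)
            if len(q) >= threshold and src not in already_reported:
                already_reported.add(src)
                alerts.append({"type": "bruteforce", "srcip": src,
                               "failures": len(q), "ui": f.get("ui")})
        elif f.get("status") == "success" and len(q) >= success_after:
            alerts.append({"type": "success_after_failures", "srcip": src,
                           "user": f.get("user"), "prior_failures": len(q)})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS):
        print(alert)
```

The window and thresholds are deliberately parameters: on a device whose management interface is reachable only from a jump host, even a handful of failures from an unexpected address is worth a ticket, while an internet-facing interface will see constant background noise and needs the success-after-failures signal to separate a guessed password from scanning.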
Source: BleepingComputer
The threat actor's operational documentation, written in Russian, detailed plans for lateral movement within victim networks and preparations for potential ransomware deployment. The campaign specifically targeted Veeam Backup & Replication servers using custom PowerShell scripts and attempted to exploit vulnerabilities including CVE-2023-27532 and CVE-2024-40711.[2] Targeting backup infrastructure before deploying ransomware prevents victims from restoring encrypted files from backups. In one instance, the actor submitted a full internal victim network topology, including IP addresses, hostnames, credentials, and known services, to an AI service and requested assistance spreading further into the network.[2]

The campaign demonstrates how commercial generative AI services are fundamentally changing the threat landscape by enabling low-to-medium-skilled actors to conduct operations that would previously require larger, more skilled teams. The threat actor utilized at least two large language model providers to generate code, debug scripts, and plan attack strategies.[2] While the tools were functional for specific use cases, they lacked robustness and commonly failed under edge cases, characteristics typical of AI-generated code used without significant refinement. Moses noted that "organizations should anticipate that AI-augmented threat activity will continue to grow in volume from both skilled and unskilled adversaries."[1]

This incident follows a 2025 case where a hacker leveraged technology from Anthropic PBC as part of a vast cybercrime scheme impacting at least 17 organizations.[1] Amazon recommends that FortiGate administrators avoid exposing management interfaces to the internet, enable multi-factor authentication, ensure VPN passwords differ from Active Directory credentials, and harden backup infrastructure.[2]

Summarized by Navi
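Two of the recommendations above, keeping management interfaces off the internet and requiring a second factor for administrators, can be checked mechanically from an exported configuration. The following is an added example, not code from Amazon, Fortinet or either article: a Python audit that parses a FortiOS-style CLI configuration and reports interfaces in the WAN role that allow management protocols, and administrator accounts with no two-factor setting or no trusted-host restriction. The configuration text is constructed for illustration; the keywords (allowaccess, role, trusthost1, two-factor) follow FortiOS CLI conventions, but the addresses and account names are invented, and the parser assumes the common config/edit/set/next/end layout without quoted values containing spaces.

```python
# Constructed sample configuration (FortiOS-style syntax, invented values).
# "wan1" exposes HTTPS and SSH management on the internet-facing side, the
# built-in "admin" account has neither trusted hosts nor a second factor, and
# "ops" is configured the way the recommendations describe.
SAMPLE_CONFIG = """\
config system global
    set admin-sport 10443
end
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
        set role wan
    next
    edit "internal"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh fgfm
        set role lan
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "ops"
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.255.255.0
        set two-factor fortitoken
    next
end
"""

# Protocols on an allowaccess line that give administrative access.
MGMT_PROTOCOLS = {"https", "http", "ssh", "telnet", "snmp"}


def parse_fortios(text):
    """Parse config/edit/set/next/end blocks into {table: {entry: {key: [values]}}}.

    Settings placed directly under a config block (no edit) land under entry "".
    Nested config blocks are tracked on a stack so an inner 'end' does not lose
    the outer entry.
    """
    tables = {}
    stack = []  # one [table_name, current_entry] per open config block
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "config":
            name = " ".join(tok[1:])
            tables.setdefault(name, {})
            stack.append([name, ""])
        elif tok[0] == "edit":
            stack[-1][1] = tok[1].strip('"')
        elif tok[0] == "set":
            table, entry = stack[-1]
            tables[table].setdefault(entry, {})[tok[1]] = [v.strip('"') for v in tok[2:]]
        elif tok[0] == "next":
            stack[-1][1] = ""
        elif tok[0] == "end":
            stack.pop()
    return tables


def audit(text):
    """Return a list of finding strings for the configuration text."""
    cfg = parse_fortios(text)
    findings = []
    # 1. Management protocols reachable on interfaces in the WAN role.
    for name, settings in cfg.get("system interface", {}).items():
        if name and "wan" in settings.get("role", []):
            exposed = MGMT_PROTOCOLS & set(settings.get("allowaccess", []))
            if exposed:
                findings.append(f"interface {name}: management access {sorted(exposed)} enabled on WAN")
    # 2. Administrator accounts without a second factor or a trusted-host restriction.
    for name, settings in cfg.get("system admin", {}).items():
        if not name:
            continue
        if settings.get("two-factor", ["disable"])[0] == "disable":  # absent means disabled
            findings.append(f"admin {name}: no two-factor configured")
        if not any(k.startswith("trusthost") for k in settings):
            findings.append(f"admin {name}: no trusted hosts (logins accepted from any source)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample it reports the exposed wan1 interface and the two gaps on the built-in admin account, and nothing for ops. The same two checks are what the attack in the report depended on being absent; the remaining advice (distinct VPN and Active Directory passwords, backup hardening) cannot be read from the firewall configuration alone and needs the directory and backup systems audited separately.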