Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks

Published: February 21, 2026 at 08:50 AM EST
4 min read

Source: Bleeping Computer


Amazon Warns of AI‑Assisted FortiGate Breach

A Russian‑speaking hacker leveraged multiple generative‑AI services in a campaign that compromised more than 600 FortiGate firewalls across 55 countries in just five weeks.

Key Details

  • Timeframe: 11 January – 18 February 2026
  • Attack Vector: No zero‑day exploits were used.
  • Method:
    1. Targeted exposed management interfaces.
    2. Exploited weak credentials lacking MFA.
    3. Employed AI tools to automate lateral movement to other devices on the breached network.

Affected Regions

  • South Asia
  • Latin America & the Caribbean
  • West Africa
  • Northern Europe
  • Southeast Asia
  • (and other locations)

“The compromised firewalls were observed across a wide geographic spread, highlighting the global impact of this AI‑driven approach.”

CJ Moses, CISO, Amazon Integrated Security


Source: Amazon Integrated Security report, 2026.

An AI‑Powered Hacking Campaign

Amazon discovered the campaign after finding a server that hosted malicious tools used to target Fortinet FortiGate firewalls.

Attack Overview

  • Target selection – The threat actor scanned the Internet for FortiGate management interfaces exposed on ports 443, 8443, 10443, and 4443. The scans were opportunistic rather than industry‑specific.

  • Initial access – Instead of exploiting zero‑days, the actor performed brute‑force attacks with common passwords.

  • Post‑compromise actions – Once inside, the attacker exfiltrated the device’s configuration, which contained:

    • SSL‑VPN user credentials (recoverable passwords)
    • Administrative credentials
    • Firewall policies and internal network architecture
    • IPsec VPN configurations
    • Network topology and routing information

    The configuration files were parsed and decrypted with AI‑assisted Python and Go tools.
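The detection a defender would want for the initial‑access step above, added here as an example (it is not code from the Amazon report or from the actor's tooling): a sliding‑window count of failed admin logins per source IP over FortiGate event logs, which also flags a successful login that follows a burst of failures, the signature of a password spray that landed. The log lines are constructed in FortiGate key=value syslog style; the field names approximate FortiOS admin‑login events, and the addresses, device name and timestamps are invented.

```python
"""Flag brute-force and password-spray attempts against a FortiGate
management interface from its key=value event logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in FortiGate key=value syslog style. Field names
# approximate FortiOS "Admin login failed/successful" events; the IPs,
# device name and timings are invented for this example.
SAMPLE_LOG = """\
date=2026-01-12 time=03:14:07 devname="FGT-EDGE" logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" method="https" srcip=198.51.100.7 dstip=203.0.113.10 action="login" status="failed" reason="passwd_invalid" msg="Administrator admin login failed from https(198.51.100.7) because of invalid password"
date=2026-01-12 time=03:14:09 devname="FGT-EDGE" logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" method="https" srcip=198.51.100.7 dstip=203.0.113.10 action="login" status="failed" reason="passwd_invalid"
date=2026-01-12 time=03:14:12 devname="FGT-EDGE" logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="fortinet" ui="https(198.51.100.7)" method="https" srcip=198.51.100.7 dstip=203.0.113.10 action="login" status="failed" reason="name_invalid"
date=2026-01-12 time=03:14:15 devname="FGT-EDGE" logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="administrator" ui="https(198.51.100.7)" method="https" srcip=198.51.100.7 dstip=203.0.113.10 action="login" status="failed" reason="name_invalid"
date=2026-01-12 time=03:14:18 devname="FGT-EDGE" logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" method="https" srcip=198.51.100.7 dstip=203.0.113.10 action="login" status="failed" reason="passwd_invalid"
date=2026-01-12 time=03:14:21 devname="FGT-EDGE" logid="0100032001" type="event" subtype="system" level="information" logdesc="Admin login successful" user="admin" ui="https(198.51.100.7)" method="https" srcip=198.51.100.7 dstip=203.0.113.10 action="login" status="success" reason="none"
date=2026-01-12 time=09:02:44 devname="FGT-EDGE" logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="ops" ui="https(10.0.5.20)" method="https" srcip=10.0.5.20 dstip=10.0.0.1 action="login" status="failed" reason="passwd_invalid"
"""

# key=value pairs; values are either "quoted strings" or bare tokens
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict (None for blank or unparseable lines)."""
    fields = {k: v.strip('"') for k, v in KV.findall(line)}
    if "date" not in fields or "time" not in fields:
        return None
    fields["ts"] = datetime.strptime(f"{fields['date']} {fields['time']}",
                                     "%Y-%m-%d %H:%M:%S")
    return fields


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP that produced at least `threshold`
    login failures inside any `window`, listing the distinct usernames
    tried and any later successful login from the same source."""
    events = [e for e in map(parse_line, log_text.splitlines())
              if e and e.get("action") == "login"]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["srcip"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        failures = [e for e in evs if e["status"] == "failed"]
        peak, peak_users, start = 0, set(), 0
        for end, f in enumerate(failures):            # sliding window over failures
            while f["ts"] - failures[start]["ts"] >= window:
                start += 1
            if end - start + 1 > peak:
                peak = end - start + 1
                peak_users = {g["user"] for g in failures[start:end + 1]}
        if peak < threshold:
            continue
        # a success after the failures began is the spray that worked
        successes = sorted({e["user"] for e in evs
                            if e["status"] == "success" and e["ts"] > failures[0]["ts"]})
        alerts.append({"srcip": src, "failures_in_window": peak,
                       "users_tried": sorted(peak_users),
                       "success_after_failures": successes})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Run against the sample, the single admin typo from 10.0.5.20 stays below the threshold, while 198.51.100.7 is reported with five failures across three usernames followed by a successful "admin" login; that last field is the one to page on, since it means the credential is already burned.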

“Following VPN access to victim networks, the threat actor deploys a custom reconnaissance tool, with different versions written in both Go and Python,” Amazon explains.

“Analysis of the source code reveals clear indicators of AI‑assisted development: redundant comments that merely restate function names, simplistic architecture with disproportionate investment in formatting over functionality, naive JSON parsing via string matching rather than proper deserialization, and compatibility shims for language built‑ins with empty documentation stubs. While functional for the threat actor’s specific use case, the tooling lacks robustness and fails under edge cases—characteristics typical of AI‑generated code used without significant refinement.”

Automated Reconnaissance

The AI‑generated tools were used to:

  1. Analyze routing tables and classify networks by size.
  2. Run port scans with the open‑source gogo scanner.
  3. Identify SMB hosts and domain controllers.
  4. Use Nuclei to probe for HTTP services.

Researchers note that while the tools worked in many environments, they often failed against hardened targets.
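The first reconnaissance step, routing‑table analysis, as an added example that is not the actor's Go or Python tool: parse a FortiGate‑style routing table, drop the default route and any prefix outside RFC 1918 space, collapse prefixes already covered by a wider route, and rank what remains by address count so that small, quickly scannable networks come first. The routing‑table text is constructed to approximate the output of `get router info routing-table all` on FortiOS; the prefixes, gateways and interface names are invented.

```python
"""Parse a FortiGate-style routing table and rank routed networks by size,
the first step of the reconnaissance the article describes."""
import ipaddress
import re

# Constructed sample approximating `get router info routing-table all`
# output on FortiOS. Prefixes, gateways and interface names are invented.
SAMPLE_ROUTES = """\
Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       * - candidate default

S*      0.0.0.0/0 [10/0] via 203.0.113.1, wan1, [1/0]
C       203.0.113.0/24 is directly connected, wan1
C       10.0.0.0/24 is directly connected, port1
S       10.10.0.0/16 [10/0] via 10.0.0.254, port1, [1/0]
C       172.16.5.0/24 is directly connected, port2
S       172.16.0.0/12 [10/0] via 172.16.5.1, port2, [1/0]
S       192.168.200.0/24 [10/0] via 10.0.0.254, port1, [1/0]
S       192.168.250.9/32 [10/0] via 10.0.0.254, port1, [1/0]
"""

# "S*  0.0.0.0/0 [10/0] via 203.0.113.1, wan1"  or  "C  10.0.0.0/24 is directly connected, port1"
ROUTE = re.compile(
    r"^(?P<code>[A-Z]\*?)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[.*?\]\s+via\s+(?P<via>\S+?),|is directly connected,)\s+(?P<iface>\w+)")

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_routes(text):
    """Return one dict per route line; header and legend lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE.match(line)
        if m:
            routes.append({"code": m["code"], "net": ipaddress.ip_network(m["prefix"]),
                           "via": m["via"], "iface": m["iface"]})
    return routes


def size_class(net):
    """Bucket a prefix by how long a full sweep of it would take."""
    if net.prefixlen == 32:
        return "host"
    if net.prefixlen >= 24:
        return "small"
    if net.prefixlen >= 17:
        return "medium"
    return "large"


def rank_networks(routes, internal_only=True):
    """Drop the default route, non-RFC1918 prefixes (when internal_only) and
    prefixes already covered by a wider route, then sort smallest-first."""
    nets = [r["net"] for r in routes if r["net"].prefixlen > 0]
    if internal_only:
        nets = [n for n in nets if any(n.subnet_of(b) for b in RFC1918)]
    # collapse_addresses removes any network contained in another in the list
    unique = sorted(ipaddress.collapse_addresses(nets),
                    key=lambda n: (n.num_addresses, n))
    return [{"net": str(n), "class": size_class(n), "addresses": n.num_addresses}
            for n in unique]


if __name__ == "__main__":
    for entry in rank_networks(parse_routes(SAMPLE_ROUTES)):
        print(entry)
```

On the sample, 172.16.5.0/24 disappears because 172.16.0.0/12 already covers it, the WAN /24 is dropped as non‑internal, and the /32 host route surfaces first; that ordering is also why a defender should treat a burst of scans against the smallest routed subnets as an early sign of this phase rather than waiting for the /16 sweep.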

Additional Payloads

  • Operational notes (in Russian) described using Meterpreter and Mimikatz for DCSync attacks against Windows domain controllers, extracting NTLM hashes from Active Directory.

  • The campaign also targeted Veeam Backup & Replication servers with custom PowerShell scripts, compiled credential‑extraction tools, and attempts to exploit known Veeam vulnerabilities:

    • On server 212.11.64.250, Amazon found a PowerShell script named DecryptVeeamPasswords.ps1 used to steal backup credentials.
    • Threat actors often compromise backup infrastructure before deploying ransomware to prevent victims from restoring encrypted files.
  • The “operational notes” referenced several CVEs:

    • CVE‑2019‑7192 – QNAP RCE
    • CVE‑2023‑27532 – Veeam information disclosure
    • CVE‑2024‑40711 – Veeam RCE

    The actor repeatedly failed against patched or locked‑down systems and moved on to easier targets.

Role of AI

Amazon assesses the actor’s skill level as low‑to‑medium, but notes that AI dramatically amplified their capabilities. The threat actor leveraged at least two large‑language‑model providers to:

  • Generate step‑by‑step attack methodologies
  • Develop custom scripts in multiple languages
  • Build reconnaissance frameworks
  • Plan lateral‑movement strategies
  • Draft operational documentation

In one case, the actor submitted a full internal network topology (IP addresses, hostnames, credentials, services) to an AI service and asked for assistance in further spreading through the network.

“The campaign demonstrates how commercial AI services are lowering the barrier to entry for threat actors, enabling them to carry out attacks that would normally be outside their skill set,” — Amazon.

Recommendations

  1. Do not expose FortiGate management interfaces to the Internet.
  2. Enable MFA for all privileged accounts.
  3. Ensure VPN passwords differ from Active Directory credentials.
  4. Harden backup infrastructure (restrict access, keep software patched).
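A configuration audit for recommendations 1 and 2, added here as example code (it is not a Fortinet or Amazon tool): it parses a FortiGate configuration backup and flags management services reachable on WAN‑role interfaces and administrator accounts that have neither two‑factor authentication nor a trusted‑host restriction. The backup text is constructed in FortiOS CLI syntax; the interface names, addresses and the ENC password blobs are invented.

```python
"""Audit a FortiGate configuration backup for the weaknesses the campaign
relied on: management on WAN-facing interfaces and admins without MFA or
trusted-host limits."""
import shlex

# Constructed sample in FortiOS CLI backup syntax. Names, addresses and the
# ENC blobs are invented; the block structure mirrors real backups.
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set vdom "root"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
        set role wan
    next
    edit "port1"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh
        set role lan
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC AAAAAAAAAAAAAAAA
    next
    edit "ops"
        set trusthost1 10.0.5.0 255.255.255.0
        set accprofile "super_admin"
        set vdom "root"
        set two-factor fortitoken
        set fortitoken "FTKMOB000000000A"
        set password ENC BBBBBBBBBBBBBBBB
    next
end
"""

MGMT_SERVICES = {"http", "https", "ssh", "telnet"}


def parse_config(text):
    """Parse config/edit/set/next/end blocks into nested dicts.
    `set key v1 v2` becomes {"key": ["v1", "v2"]}; unset lines are ignored."""
    root, stack, cur = {}, [], {}
    cur = root
    for raw in text.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        kw, args = tokens[0], tokens[1:]
        if kw in ("config", "edit"):
            stack.append(cur)
            cur = cur.setdefault(" ".join(args), {})
        elif kw == "set" and args:
            cur[args[0]] = args[1:]
        elif kw in ("next", "end") and stack:
            cur = stack.pop()
    return root


def audit(conf):
    """Return human-readable findings for the hardening gaps this campaign used."""
    findings = []
    for name, iface in conf.get("system interface", {}).items():
        exposed = MGMT_SERVICES & set(iface.get("allowaccess", []))
        if iface.get("role", [""])[0] == "wan" and exposed:
            findings.append(f"interface {name}: management services {sorted(exposed)} "
                            f"reachable on a WAN-role interface")
    for name, adm in conf.get("system admin", {}).items():
        if adm.get("two-factor", ["disable"])[0] == "disable":
            findings.append(f"admin {name}: no two-factor authentication")
        if not any(k.startswith("trusthost") for k in adm):
            findings.append(f"admin {name}: no trusted-host restriction "
                            f"(reachable from any source)")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE_CONFIG)):
        print(finding)
```

The fixes are the inverse of each finding and use standard FortiOS CLI: `set allowaccess ping` on the WAN interface (or none), `set trusthost1 <ip> <mask>` on each admin, and `set two-factor fortitoken` (or another method the firmware supports). Recommendation 3, VPN passwords that differ from Active Directory credentials, cannot be checked from the config alone; it needs a comparison against the directory, which is exactly the data the exfiltrated config hands an attacker.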

Google recently reported that threat actors are abusing Gemini AI across all stages of cyber‑attacks, mirroring Amazon’s observations. See the full story on BleepingComputer.
