Amazon Report: GenAI Fuels Massive Breach of 600+ FortiGate Firewalls Worldwide

A new report from Amazon Threat Intelligence has revealed a disturbing evolution in cybercrime: a Russian-speaking threat actor has leveraged commercial generative AI tools to breach over 600 FortiGate firewalls across 55 countries. The campaign, observed between January 11 and February 18, 2026, exemplifies how artificial intelligence is lowering the barrier to entry for attackers, allowing them to scale operations with industrial efficiency.

According to CJ Moses, Chief Information Security Officer at Amazon Integrated Security, the attacker utilized an "AI-powered assembly line" to automate complex tasks, from coding reconnaissance scripts to planning lateral movement. While the threat actor displayed limited technical sophistication, the use of AI acted as a potent force multiplier, enabling them to compromise critical infrastructure without relying on advanced exploits or zero-day vulnerabilities.

The AI-Powered Assembly Line

The Amazon investigation highlights a critical shift in the threat landscape. The adversary, identified as financially motivated rather than state-sponsored, relied heavily on multiple commercial generative AI platforms. These tools were used to generate attack scripts, orchestrate command execution, and even troubleshoot errors during the intrusion process.

Amazon researchers discovered publicly accessible infrastructure managed by the attackers that hosted a trove of AI-generated artifacts. This included source code for custom hacking tools, victim network configurations, and detailed attack plans. The reliance on AI was so heavy that when the primary AI tool was unavailable, the attacker seamlessly switched to a secondary platform to continue operations.

The custom reconnaissance tools, written in both Go and Python, bore distinct hallmarks of AI generation. Amazon's analysis of the source code revealed "redundant comments that merely restate function names, simplistic architecture with disproportionate investment in formatting over functionality, and naive JSON parsing." These characteristics suggest that the actor lacked the coding prowess to build these tools manually but successfully prompted an AI model to build them to specification.

Technical Analysis: Efficiency Over Sophistication

Contrary to fears of AI developing novel zero-day exploits, this campaign succeeded through ruthless efficiency targeting fundamental security gaps. The threat actor did not exploit specific FortiGate software vulnerabilities. Instead, they conducted mass automated scanning for management interfaces exposed on ports 443, 8443, 10443, and 4443.

Once a target was identified, the actor attempted to authenticate using default or commonly reused credentials on devices lacking multi-factor authentication (MFA). If a target proved difficult—such as having patched services or closed ports—the attacker simply moved on, prioritizing "easy pickings" over persistence.

Key Technical Observations:

• Scanning Origin: The mass scanning activity originated from the IP address 212.11.64[.]250.
• Credential Theft: Successful breaches allowed the extraction of full device configurations, including SSL-VPN credentials and network topology maps.
• Lateral Movement: Stolen data was used to pivot into internal networks, targeting Active Directory environments and backup infrastructure.
• Targeted Vulnerabilities: While initial access relied on weak credentials, post-exploitation tools were designed to exploit known vulnerabilities in Veeam Backup & Replication, specifically CVE-2023-27532 and CVE-2024-40711.

Global Impact and Pre-Ransomware Indicators

The scope of the attack was indiscriminate and sector-agnostic, affecting organizations in South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. The widespread nature of the campaign indicates an automated "spray and pray" approach supercharged by AI processing.

Amazon classifies this activity as a pre-ransomware staging operation. The attackers focused on extracting administrative passwords, mapping the network, and compromising backup systems—classic precursors to a devastating ransomware deployment. By compromising Veeam backup servers, the actors likely intended to disable recovery options, thereby increasing the leverage for future extortion demands.

Comparative Analysis: Traditional vs. AI-Augmented Operations

The following table illustrates how the integration of Generative AI transformed the capabilities of this specific threat actor compared to a traditional low-skilled adversary.

Comparison of Adversary Capabilities

Implications for Cybersecurity Strategy

This campaign serves as a wake-up call for organizations relying on "security through obscurity." The ability of low-skilled actors to scale attacks using AI means that basic misconfigurations are now liabilities that will be discovered and exploited at machine speed.

CJ Moses emphasized that strong defensive fundamentals remain the most effective countermeasure. "As we expect this trend to continue in 2026, organizations should anticipate that AI-augmented threat activity will continue to grow," Moses stated.

Recommended Mitigations:

1. Eliminate Exposure: Ensure FortiGate management interfaces are not exposed to the public internet.
2. Enforce MFA: Implement multi-factor authentication for all VPN and administrative access points immediately.
3. Patch Management: regularly update all perimeter devices and software, specifically patching known vulnerabilities like those in Veeam.
4. Network Segmentation: Isolate backup servers from general network access to prevent ransomware actors from crippling recovery efforts.

As Generative AI continues to mature, the distinction between "skilled" and "unskilled" hackers is blurring. This incident confirms that AI is not just a tool for defenders but a potent lever for adversaries, capable of turning a novice into a global threat.