A financially motivated, unsophisticated threat actor used generative AI to compromise over 600 FortiGate firewalls across more than 55 countries. The attacks succeeded by exploiting exposed management ports and weak credentials, not software vulnerabilities, with AI helping automate reconnaissance, tool creation, and data parsing. The actor specifically targeted credentials and backup infrastructure, like Veeam servers, to enable potential ransomware attacks. This incident demonstrates how AI is lowering the technical barrier, allowing less skilled individuals to achieve attack scale previously requiring larger teams.
600+ FortiGate Devices Hacked by AI-Armed Amateur
A Russian-speaking hacker used generative AI to compromise the FortiGate firewalls, targeting credentials and backups for possible follow-on ransomware attacks.
A financially motivated threat actor with little technical knowhow used generative AI (GenAI) to breach hundreds of FortiGate instances at scale. While this showcases how AI can scale workflows to support threat actors, it also shows how GenAI is lowering the technical bar for attackers.
A Russian-speaking, financially motivated cyber threat actor used otherwise legitimate GenAI services to compromise more than 600 instances of Fortinet's FortiGate firewall, according to Amazon Web Services. Researchers detected the compromises between January and February, finding that devices originated from more than 55 countries, with concentrations noted across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and beyond.
Perhaps most notably, "no exploitation of FortiGate vulnerabilities was observed — instead, this campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale," according to a blog post detailing the activity.
This is by no means an isolated incident: ReliaQuest previously reported that the vast majority of ransomware-as-a-service actors are using AI tools to help automate threat activity. Cyberattackers are also using modern AI technology to conduct reconnaissance, scale social engineering campaigns involving tactics like phishing, and much more.
Unsophisticated Actor Compromises 600 FortiGate Instances
What stands out about this recent campaign is how the threat actor appeared otherwise technically unsophisticated but leveraged GenAI services "throughout every phase of their operations," CJ Moses, chief information security officer (CISO) of Amazon Integrated Security, wrote.
"The threat actor in this campaign is not known to be associated with any advanced persistent threat (APT) group with state-sponsored resources," Moses explained. "They are likely a financially motivated individual or small group who, through AI augmentation, achieved an operational scale that would have previously required a significantly larger and more skilled team."
Despite this lack of sophistication, the attacker managed to compromise multiple organizations' Active Directory environments and extract credentials and backup infrastructure. When the attacker met resistance, Moses said, "they simply moved on to softer targets rather than persisting, underscoring that their advantage lies in AI-augmented efficiency and scale, not in deeper technical skill."
Amazon did not provide a list of the commercial GenAI services the attacker used. However, some use cases were listed: the actor conducted network reconnaissance through custom-built tooling, created custom step-by-step exploitation instructions with a prioritized task tree, and coded multiple additional tools for various pre- and post-exploitation purposes.
The primary initial access vector was exploiting commonly reused credentials on FortiGate management interfaces exposed to the Internet, found by scanning across ports 443, 8443, 10443, and 4443. The goal was to gain access to configuration files, which would contain everything from admin credentials to firewall policies and network topology.
"The threat actor developed AI-assisted Python scripts to parse, decrypt, and organize these stolen configurations," Moses wrote.
Once inside victim networks, the attacker specifically targeted Veeam Backup & Replication servers, which "represent high-value targets because they typically store elevated credentials for backup operations, and compromising backup infrastructure positions an attacker to destroy recovery capabilities before deploying ransomware." Other post-exploitation activities for domain compromise and lateral movement involved using established open source offensive tools.
The Defender Component for GenAI-Powered Campaigns
It is noteworthy that the threat actor conducted such a far-reaching campaign using GenAI tools. While this speaks to the power of LLMs in threat operations, it also serves as a cautionary tale for enterprise defenders, given how many organizations were breached through basic gaps.
"This campaign succeeded through a combination of exposed management interfaces, weak credentials, and single-factor authentication — all fundamental security gaps that AI helped an unsophisticated actor exploit at scale," Moses said. "This underscores that strong security fundamentals are powerful defenses against AI-augmented threats."
For organizations using FortiGate, AWS recommends ensuring management interfaces are not connected to the Internet, and if they are, to restrict access to known IP address ranges. Orgs should also change all default and common credentials across appliances, rotate all SSL-VPN user credentials, audit VPN connection logs for connections from unexpected geographic locations, and implement multifactor authentication (MFA) for all admin and VPN access.
Organizations that may have been affected should monitor for unexpected DCSync operations, new scheduled tasks named to mimic legitimate Windows services, unauthorized access to backup credential stores, and new accounts with names designed to blend in with legitimate ones. AWS also provided a complete list of recommendations and indicators of compromise (IoCs).
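The monitoring items above, expressed as detection logic over sample data: VPN logins from countries outside an allow list, replication-rights requests (the DCSync pattern, Windows event 4662 with the DS-Replication-Get-Changes control-access GUIDs) from accounts that are not domain controllers, scheduled tasks (event 4698) whose name reuses a Windows service name, and new accounts (event 4720) that collapse to an existing account name once case, separators, trailing digits and 0/o, 1/l swaps are folded. This is an added example, not AWS's tooling or the published IoC list; every log line, IP address, geolocation, account, and event below is constructed, and the service-name and lookalike checks are heuristics to tune against your own environment.

```python
"""Detection logic for the post-compromise signals above. Added example:
all reference data, log lines and events are constructed."""
import re

# --- constructed reference data (in practice: your inventory and GeoIP feed) ---
EXPECTED_COUNTRIES = {"US", "DE"}
GEOIP = {"198.51.100.7": "DE", "203.0.113.44": "BR", "192.0.2.9": "US"}
DOMAIN_CONTROLLER_ACCOUNTS = {"DC01$", "DC02$"}
EXISTING_ACCOUNTS = {"Administrator", "svc_backup", "jdoe"}
# Real Windows service short names; a scheduled task borrowing one is suspicious.
WINDOWS_SERVICE_NAMES = {"wuauserv", "winmgmt", "schedule", "bits", "spooler", "svchost"}
# Control access rights a DCSync requests: DS-Replication-Get-Changes and -All
DCSYNC_GUIDS = {"1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",
                "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"}

# Constructed SSL-VPN log lines in FortiGate-style key=value form
VPN_LOGS = """\
date=2026-02-03 time=08:12:44 subtype="vpn" action="tunnel-up" user="jdoe" remip=198.51.100.7
date=2026-02-03 time=23:41:02 subtype="vpn" action="tunnel-up" user="jdoe" remip=203.0.113.44
date=2026-02-04 time=09:05:17 subtype="vpn" action="tunnel-up" user="asmith" remip=192.0.2.9
"""

# Constructed Windows Security events, already parsed into dicts
WIN_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "DC02$", "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "jdoe", "Properties": "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4698, "SubjectUserName": "jdoe", "TaskName": "\\Microsoft\\Windows\\wuauserv"},
    {"EventID": 4698, "SubjectUserName": "SYSTEM", "TaskName": "\\Microsoft\\Windows\\WindowsUpdate\\Scheduled Start"},
    {"EventID": 4720, "SubjectUserName": "jdoe", "TargetUserName": "svc-backup1"},
    {"EventID": 4720, "SubjectUserName": "hr_admin", "TargetUserName": "mgarcia"},
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line):
    """Split a key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def vpn_alerts(log_text):
    """Flag successful tunnels whose source IP geolocates outside the allow list."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_kv(line)
        if rec.get("action") != "tunnel-up":
            continue
        country = GEOIP.get(rec.get("remip"), "??")   # unknown IP is treated as unexpected
        if country not in EXPECTED_COUNTRIES:
            alerts.append(f"vpn: {rec['user']} connected from {rec['remip']} ({country})")
    return alerts


def normalize_account(name):
    """Fold the tricks used to make a rogue account blend in: case, separators,
    trailing digits, and the digit-for-letter substitutions 0->o and 1->l."""
    base = re.sub(r"[-_.]", "", name.lower()).rstrip("0123456789")
    return base.translate(str.maketrans("01", "ol"))


def windows_alerts(events):
    """Apply the DCSync, service-name task, and lookalike-account checks."""
    alerts = []
    known = {normalize_account(a): a for a in EXISTING_ACCOUNTS}
    for ev in events:
        eid, who = ev["EventID"], ev.get("SubjectUserName", "")
        if (eid == 4662 and who not in DOMAIN_CONTROLLER_ACCOUNTS
                and any(g in ev.get("Properties", "") for g in DCSYNC_GUIDS)):
            alerts.append(f"dcsync: replication rights requested by non-DC account {who}")
        elif eid == 4698:
            leaf = ev["TaskName"].rsplit("\\", 1)[-1].lower()
            if leaf in WINDOWS_SERVICE_NAMES:
                alerts.append(f"task: '{ev['TaskName']}' created by {who} reuses service name {leaf}")
        elif eid == 4720:
            new = ev["TargetUserName"]
            twin = known.get(normalize_account(new))
            if twin and twin != new:
                alerts.append(f"account: new user {new} looks like existing account {twin}")
    return alerts


if __name__ == "__main__":
    for alert in vpn_alerts(VPN_LOGS) + windows_alerts(WIN_EVENTS):
        print(alert)
```

The DCSync rule keys on the requested control-access right rather than on tool names, so it holds whichever open source tool issued the replication request; the domain-controller allow list is what keeps legitimate replication quiet, and it must be kept current as DCs are added or retired.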
Fortinet did not immediately return a request for comment.
Xcape's Damon Small tells Dark Reading that the threat actor's end-to-end use of GenAI is somewhat novel but an approach that will almost certainly become more common with time.
"The economy of scale afforded by AI bots makes it almost trivial to 'spray and pray' across a large population of potentially misconfigured devices," he says.