AWS says more than 600 FortiGate firewalls hit in AI-augmented campaign

The Register
February 23, 2026
AI-Generated Deep Dive Summary
Russian-speaking cybercriminals have launched a large-scale attack campaign using off-the-shelf generative AI tools to compromise over 600 exposed FortiGate firewalls in just one month, according to an AWS report. The attackers targeted management interfaces of the firewalls, exploiting weak or reused credentials and stealing configuration files to map out victim networks. Once inside, they accessed sensitive data like administrator credentials, network topologies, and firewall rules, enabling further lateral movement within networks.
The campaign relied heavily on AI for automation, with the criminals using commercial tools to generate attack playbooks, scripts, and operational notes. This allowed a small group to execute attacks that would traditionally require more resources or expertise. Investigators found evidence of AI-generated code and planning artifacts on compromised systems, suggesting the tools were deeply integrated into the workflow.
The attackers targeted victims across 55 countries, including regions in Europe, Asia, Africa, and Latin America. The campaign appeared opportunistic, with some compromises potentially granting access to managed service providers or shared environments, amplifying risks for downstream targets. Despite their AI-powered approach, the attackers tended to abandon high-resistance targets, focusing instead on softer ones to maximize efficiency.
The report underscores the growing sophistication of cybercriminal tools and the importance of basic security hygiene. Organizations are urged to secure exposed management interfaces, enforce multi-factor authentication, and avoid password reuse to mitigate such threats. This incident highlights how AI is increasingly being weaponized by attackers, as previously noted by Google’s warnings about generative AI being exploited for malicious purposes.
The findings raise concerns about the potential for even more damaging attacks as cybercriminals continue to integrate advanced tools into their operations. For tech professionals and organizations, understanding the evolving threat landscape and implementing robust security measures are critical steps in staying ahead of these emerging threats.
Originally published on The Register on 2/23/2026