Originally reported by BleepingComputer
TL;DR
Amazon reports that a Russian-speaking threat actor used AI services to compromise over 600 FortiGate firewalls in 55 countries within five weeks, marking an escalation in AI-assisted cyberattacks.
A mass exploitation campaign affecting 600+ critical network security devices across 55 countries represents a significant threat to global infrastructure. The scale and international reach indicate that this requires immediate attention from security teams.
Amazon Web Services threat intelligence researchers have identified a sophisticated campaign where a Russian-speaking threat actor successfully compromised over 600 FortiGate firewalls spanning 55 countries within a five-week timeframe. The attack represents one of the first documented cases of generative AI services being systematically integrated into large-scale network infrastructure exploitation.
The threat actor utilized multiple AI platforms throughout the campaign, though Amazon's report does not specify which particular services were leveraged or how they were integrated into the attack methodology.
FortiGate firewalls serve as critical perimeter security devices for organizations worldwide. Successful compromise of these devices provides attackers with:
Amazon's attribution to Russian-speaking actors aligns with observed patterns in recent infrastructure-targeting campaigns. The geographic distribution across 55 countries suggests either:
The five-week timeline indicates sustained, methodical exploitation rather than automated vulnerability scanning, suggesting human-directed operations enhanced by AI tooling.
This campaign marks a notable evolution in threat actor capabilities, demonstrating practical integration of AI services into offensive operations. Security teams should anticipate:
Organizations operating Fortinet infrastructure should immediately: