Russian-speaking hackers used gen AI tools to compromise 600 firewalls, Amazon says
A Russian-speaking threat actor used commercial generative artificial intelligence tools to help compromise more than 600 Fortinet FortiGate firewall devices across more than 55 countries earlier this year, researchers have found.
The campaign, which ran from mid-January to mid-February, exploited weak security configurations rather than advanced technical vulnerabilities, Amazon’s threat-intelligence team said in a report published on Friday.
The hackers relied heavily on multiple commercial AI services to generate attack plans, automate scripts, and manage operations, allowing what researchers described as a “low-to-medium-skilled actor” to operate at a scale previously associated with larger, more sophisticated groups.
Source: https://therecord.media/gen-ai-fortigate-hackers-russia
Related breach coverage
- AI-powered campaign compromises 600 FortiGate systems worldwide (2026-02-23)
A Russian-speaking cybercriminal used commercial generative AI tools to hack over 600 FortiGate devices across 55 countries. Amazon Threat Intelligence reports that a Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise more than 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, highlights how […]
- Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware (2026-03-26)
A pro-Ukrainian hacker group known as Bearlyfy has carried out more than 70 cyberattacks against Russian companies over the past year and is now escalating its campaign with newly developed ransomware tools, researchers have found.
- Russian state hackers targeted Western critical infrastructure for years, Amazon says (2025-12-17)
Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (2021–2025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the […]
- Chinese-speaking hackers exploited ESXi zero-days long before disclosure (2026-01-09)
Chinese-speaking attackers used a hacked SonicWall VPN to deploy ESXi zero-days that were likely exploited over a year before public disclosure. Chinese-speaking attackers were seen abusing a hacked SonicWall VPN to deliver a toolkit targeting VMware ESXi. The exploit chain included a sophisticated VM escape and appears to have been developed more than a year […]
