Amazon is warning that a Russian-speaking hacker used several generic AI services as part of a campaign that breached more than 600 FortiGate firewalls in 55 countries over five weeks.
A new report from CJ Moses, CISO of Amazon Integrated Security, says that the hacking campaign occurred between January 11 and February 18, 2026, and did not rely on any exploits to break the Fortinet firewall.
Instead, the threat actor targeted exposed management interfaces and weak credentials that lacked MFA protection, then used AI to help automate access to other devices on the breached network.
Moses says the compromised firewalls were spotted across multiple regions, including South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia.
An AI-powered hacking campaign
Amazon says it became aware of the campaign after finding a server hosting a malicious tool used to target the Fortinet FortiGate firewall.
As part of the campaign, the threat actor targeted FortiGate management interfaces exposed to the Internet by scanning for services running on ports 443, 8443, 10443, and 4443. The targeting was reportedly opportunistic rather than aimed at any specific industry.
As is typical of attacks against FortiGate devices, the actor did not exploit zero-days; instead, it used brute-force attacks with common passwords to gain access to the devices.
Once breached, the threat actor extracted device configuration settings, including:
- SSL-VPN user credentials with recoverable passwords
- Administrative credentials
- Firewall policies and internal network architecture
- IPsec VPN configuration
- Network topology and routing information
These configuration files were then parsed and decrypted using AI-assisted Python and Go tools.
“After gaining VPN access to the victim network, the threat actor deploys a custom reconnaissance tool, with separate versions written in both Go and Python,” Amazon explained.
“Analysis of the source code reveals clear indicators of AI-assisted development: redundant comments that merely restate function names, simple architecture with disproportionate investment in formatting over functionality, naive JSON parsing through string matching instead of proper deserialization, and language compatibility shims for the underlying language with empty document stubs.”
“Although functional for the threat actor's specific use case, the tooling lacks robustness and fails at edge cases – typical characteristics of AI-generated code used without significant refinements.”
These tools were used to automate reconnaissance on breached networks by analyzing routing tables, classifying networks based on size, running port scans with the open-source gogo scanner, identifying SMB hosts and domain controllers, and using Nuclei to scan HTTP services.
The researchers say that although the tools were functional, they typically failed in more demanding environments.
The operational document, written in Russian, details how to conduct DCSync attacks against Windows domain controllers and use Meterpreter and Mimikatz to extract NTLM password hashes from Active Directory databases.
The campaign specifically targeted Veeam backup and replication servers using custom PowerShell scripts, compiled credential-extraction tools, and attempted to exploit Veeam vulnerabilities.
On one of the servers found by Amazon (212(.)11.64.250), the threat actor hosted a PowerShell script named “.DecryptVeeamPasswords.ps1” which was used to target backup applications.
As Amazon points out, threat actors often target backup infrastructure before deploying ransomware to prevent restoration of encrypted files from backups.
The “operational notes” also included multiple references to the threat actor attempting to exploit various vulnerabilities, including CVE-2019-7192 (QNAP RCE), CVE-2023-27532 (Veeam information disclosure), and CVE-2024-40711 (Veeam RCE).
The report said attackers repeatedly failed when attempting to break into patched or locked-down systems, but rather than continue trying to gain access, they moved on to easier targets.
While Amazon believes the threat actor had a low-to-medium skill set, that skill set was significantly enhanced through the use of AI.
Researchers say the threat actors used at least two large language model providers throughout the campaign to:
- Generate step-by-step attack patterns
- Develop custom scripts in multiple programming languages
- Create reconnaissance frameworks
- Plan lateral movement strategies
- Draft operational documentation
In one example, the actor allegedly submitted a complete internal victim network topology, including IP addresses, hostnames, credentials, and known services, to an AI service and asked for help in containing further spread in the network.
Amazon says the campaign demonstrates how commercial AI services are lowering the barrier to entry for threat actors, enabling them to carry out attacks that would normally be outside their skill set.
The company recommends that FortiGate administrators not expose the management interface to the Internet, ensure MFA is enabled, ensure VPN passwords are not the same as Active Directory accounts, and harden the backup infrastructure.
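As an added defensive example (not code from the Amazon report or from Fortinet), the check below flags the credential-guessing pattern described above, repeated admin login failures against the management interface followed by a success from the same source, over constructed FortiOS-style key=value log lines. The field names follow the common FortiOS event-log layout and are an assumption; adjust them to your firewall version.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the report) in FortiOS-style key=value format.
SAMPLE_LOG = """\
date=2026-01-12 time=03:14:01 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=198.51.100.7 method="https" action="login" status="failed"
date=2026-01-12 time=03:14:03 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=198.51.100.7 method="https" action="login" status="failed"
date=2026-01-12 time=03:14:05 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=198.51.100.7 method="https" action="login" status="failed"
date=2026-01-12 time=03:14:07 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=198.51.100.7 method="https" action="login" status="failed"
date=2026-01-12 time=03:14:09 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=198.51.100.7 method="https" action="login" status="failed"
date=2026-01-12 time=03:14:12 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=198.51.100.7 method="https" action="login" status="success"
date=2026-01-12 time=09:00:00 type="event" subtype="system" logdesc="Admin login failed" user="ops" srcip=10.0.0.5 method="https" action="login" status="failed"
date=2026-01-12 time=09:00:30 type="event" subtype="system" logdesc="Admin login successful" user="ops" srcip=10.0.0.5 method="https" action="login" status="success"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

def parse_event(line):
    """Turn one key=value log line into a dict with a parsed timestamp."""
    fields = {m.group(1): (m.group(3) if m.group(3) is not None else m.group(4))
              for m in KV_RE.finditer(line)}
    fields["ts"] = datetime.strptime(f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S")
    return fields

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {srcip: {"failures": n, "success_after": bool}} for sources whose admin
    login failures within `window` reach `threshold`; a later success from that
    source means a guessed password worked and is the highest-priority finding."""
    fails = defaultdict(list)   # srcip -> timestamps of recent failures
    hits = {}
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("action") != "login":
            continue
        ip = ev["srcip"]
        if ev["status"] == "failed":
            # keep only failures inside the sliding window, then add this one
            fails[ip] = [t for t in fails[ip] if ev["ts"] - t <= window] + [ev["ts"]]
            if len(fails[ip]) >= threshold:
                hits.setdefault(ip, {"failures": 0, "success_after": False})
                hits[ip]["failures"] = len(fails[ip])
        elif ev["status"] == "success" and ip in hits:
            hits[ip]["success_after"] = True
    return hits

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

Sources reported with `success_after` set are the ones to treat as compromised admin accounts; the same logic applies to SSL-VPN login events once the field names are adjusted.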
Google recently reported that threat actors are abusing Gemini AI in all stages of cyberattacks, consistent with what Amazon observed in this campaign.