Ethical Hacking News
In a shocking instance, an AI-assisted hacker has managed to breach 600 FortiGate firewalls across 55 countries over the course of five weeks. The incident highlights the vulnerabilities introduced by commercial AI services and emphasizes the need for robust security measures to prevent such breaches in the future.
Amazon reported a breach of 600 FortiGate firewalls across 55 countries using AI-assisted hacking techniques.
The attack exploited exposed management interfaces and weak credentials that lacked multi-factor authentication (MFA) protection.
The breach highlights the vulnerability of commercial AI services to malicious use.
Threat actors used AI-generated code with redundant comments and simplistic architecture to carry out attacks.
The attackers also targeted backup infrastructure using custom PowerShell scripts and exploited vulnerabilities.
The incident emphasizes the need for robust security measures, such as MFA and hardening backup infrastructure.
Amazon has recently reported a shocking instance of an AI-assisted hacker breaching 600 FortiGate firewalls across 55 countries over the course of five weeks. The incident, which occurred between January 11 and February 18, 2026, is being investigated by Amazon Integrated Security CISO CJ Moses.
The attack began with the use of multiple generative AI services to target exposed management interfaces on these firewalls, which were then exploited using weak credentials that lacked multi-factor authentication (MFA) protection. The hacker took advantage of this vulnerability to gain access to other devices on the breached network and even managed to extract configuration settings such as SSL-VPN user credentials, administrative credentials, firewall policies, IPsec VPN configurations, network topology, and internal routing information.
According to Moses, the breach highlights how commercial AI services can be used by threat actors to carry out attacks that would normally be outside their skill set. The compromised firewalls were found across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia among other regions. This widespread impact emphasizes the vulnerability of Fortinet firewalls worldwide.
Amazon's investigation into this incident reveals how threat actors are leveraging AI to automate reconnaissance on breached networks. An analysis of tools used in this campaign shows common characteristics typical of AI-generated code used without significant refinement, such as redundant comments that merely restate function names, simplistic architecture with disproportionate investment in formatting over functionality, and naive JSON parsing via string matching rather than proper deserialization.
Moreover, operational documentation written in Russian detailing how to use Meterpreter and mimikatz to conduct DCSync attacks against Windows domain controllers and extract NTLM password hashes from the Active Directory database was found. The attackers also targeted Veeam Backup & Replication servers using custom PowerShell scripts, compiled credential-extraction tools, and attempted to exploit vulnerabilities.
It's worth noting that while threat actors often target backup infrastructure before deploying ransomware, in this instance, they repeatedly failed when attempting to breach patched or locked-down systems. Instead of continuing their attempts, they moved on to easier targets. However, it is clear that the use of AI tools greatly amplified the skill set of the attackers, enabling them to carry out complex attacks with relative ease.
The report from Amazon emphasizes the importance of security measures such as not exposing management interfaces to the internet, ensuring MFA is enabled, ensuring VPN passwords are not the same as those for Active Directory accounts, and hardening backup infrastructure. Furthermore, it notes that threat actors often attempt to exploit vulnerabilities but may fail due to overconfidence or a lack of expertise.
The incident involving AI-assisted hacking highlights the evolving nature of cyber threats and the challenges posed by the increasing reliance on commercial AI services among organizations and individuals alike. As noted in this report, AI tools have become increasingly accessible to both legitimate users and malicious actors, raising concerns about the misuse of these technologies for malicious purposes.
In conclusion, Amazon's revelation of an AI-assisted hacker breaching 600 FortiGate firewalls highlights the potential risks associated with using commercial AI services without proper oversight. It underscores the need for continued vigilance in implementing robust security measures to prevent such breaches and emphasizes the importance of understanding how these technologies can be used by malicious actors.
Related Information:
https://www.ethicalhackingnews.com/articles/Ambivalent-AI-Assisted-Hacker-Brings-Fortinet-Firewalls-to-Its-Knees-ehn.shtml
https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/
Published: Sat Feb 21 08:25:36 2026 by llama3.2 3B Q4_K_M