Amazon: Low-Skill Hacker Exploits AI Tools to Breach FortiGate Devices Worldwide


A New Type of Cyber Threat Emerges

A recent investigation has revealed a new type of cyber threat, where a low-skilled hacker leveraged artificial intelligence (AI) tools to breach hundreds of FortiGate security devices worldwide.

The Attack Method

The attacker, who spoke Russian, managed to infiltrate over 600 devices across 55 countries in just over a month, between January 11 and February 18, 2026.

The hacker’s approach was characterized by the use of commercial AI services to automate the attack process, effectively turning basic hacking techniques into a high-speed, assembly-line operation.

This allowed the attacker to scan the internet for open management ports, specifically targeting ports 443, 8443, 10443, and 4443, without requiring advanced technical skills.

Exploiting Vulnerabilities

Once an exposed management port was identified, the attacker used AI-generated Python and Go scripts to test common or stolen passwords against it.

Upon gaining access, the AI tools were used to read device settings and map out the internal network of the compromised organization.

Primary Objective

The attacker’s primary objective was to gain total control over the network.

To achieve this, they deployed well-known tools such as Meterpreter and Mimikatz to steal passwords from the company’s Active Directory servers.

Additionally, they targeted Veeam Backup & Replication servers, which, if compromised, could allow the attacker to destroy a company’s ability to recover its data, leaving it vulnerable to ransom demands.

Interestingly, the attacker’s reliance on AI tools proved to be a double-edged sword.

While the AI could generate code, it sometimes produced messy and ineffective results when faced with complex systems.

The attacker’s attempts to use advanced exploits, such as CVE-2019-7192 and CVE-2023-27532, were unsuccessful due to their limited understanding of how to modify the code for updated systems.

Regional Impact

The campaign was most successful against softer targets across South Asia, Southeast Asia, Latin America, West Africa, and Northern Europe.

According to researchers, the attacker’s success in these regions highlights the need for organizations to prioritize basic security measures.

Expert Response

In response to this emerging threat, security experts emphasize the importance of traditional security practices.

Organizations should ensure that device management ports are not exposed to the public internet and implement Multi-Factor Authentication (MFA) to prevent password-only authentication.

Furthermore, it is essential to avoid reusing passwords between security devices and main office networks and to keep software up-to-date, as many of the attacker’s advanced attempts failed due to the victims’ installed security patches.

By prioritizing these measures, organizations can protect themselves against even the most sophisticated AI-augmented attacks.

CJ Moses, Amazon’s security chief, noted that while AI tools are a new aspect of cyberattacks, the solution remains rooted in traditional security practices.


