
Russian-speaking hackers used gen AI tools to compromise 600 firewalls, Amazon says

A Russian-speaking threat actor used commercial generative artificial intelligence tools to help compromise more than 600 Fortinet FortiGate firewall devices across more than 55 countries earlier this year, researchers have found.

The campaign, which ran from mid-January to mid-February, exploited weak security configurations rather than advanced technical vulnerabilities, Amazon’s threat-intelligence team said in a report published on Friday.

The hackers relied heavily on multiple commercial AI services to generate attack plans, automate scripts, and manage operations, allowing what researchers described as a “low-to-medium-skilled actor” to operate at a scale previously associated with larger, more sophisticated groups.

“Commercial AI services can lower the technical barrier to entry for offensive cyber capabilities,” the report said. Amazon did not specify which AI tools were used in the campaign.

Researchers said the actor behind the attacks appeared to be financially motivated and was not known to be linked to any state-sponsored hacking group. The campaign appeared opportunistic rather than focused on specific industries, relying on automated mass scanning for vulnerable systems. Compromised devices were identified in regions including South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia.

Amazon found extensive Russian-language documentation showing AI-generated attack plans, operational checklists, and custom code designed to automate nearly every stage of the campaign, from initial network scans to post-breach reporting.

The attacks targeted FortiGate firewalls — widely used security appliances that help organizations manage network traffic and remote access. According to Amazon, the breaches did not rely on newly discovered vulnerabilities. Instead, the attackers located devices whose administrative interfaces were exposed to the internet and protected by weak authentication.
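The two weaknesses the report describes, administrative access reachable from an internet-facing interface and admin accounts without source-address restrictions or a second factor, are both visible in a FortiGate configuration backup. The script below is an added example, not code from Amazon's report or from Fortinet: it parses a configuration export and flags those conditions. It assumes the FortiOS CLI export layout (`config ... edit ... set ... next ... end`) and the setting names `allowaccess`, `role`, `trusthost1..10` and `two-factor`; the configuration it reads is constructed for illustration, and the threshold for "weak" is this script's own choice.

```python
"""Audit a FortiOS configuration backup for internet-exposed management
access and admin accounts without trusthost or two-factor protection.

Added example, not code from Amazon or Fortinet. The setting names follow
FortiOS CLI conventions; the sample configuration is constructed.
"""
import shlex

# Protocols that grant administrative access when listed in 'allowaccess'.
ADMIN_PROTOCOLS = {"https", "http", "ssh", "telnet"}

# Constructed configuration export (not from a real device).
SAMPLE_CONFIG = """\
config system global
    set admin-sport 443
    set admintimeout 5
end
config system interface
    edit "wan1"
        set vdom "root"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
        set type physical
        set role wan
    next
    edit "internal"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
        set role lan
        config ipv6
            set ip6-allowaccess ping
        end
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC REDACTED
    next
    edit "netops"
        set trusthost1 10.0.0.0 255.255.255.0
        set accprofile "super_admin"
        set two-factor fortitoken
        set vdom "root"
        set password ENC REDACTED
    next
end
"""


def parse_fortios(text):
    """Return {section: {entry: {key: [values]}}} for top-level config blocks.

    Nested 'config ... end' blocks inside an entry (depth > 1) are skipped;
    'set' lines outside any 'edit' are stored under the empty entry name.
    """
    sections, stack = {}, []
    section = entry = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("config "):
            stack.append(line[len("config "):])
            if len(stack) == 1:
                section = sections.setdefault(stack[0], {})
            continue
        if line == "end":
            stack.pop()
            if not stack:
                section = entry = None
            continue
        if len(stack) != 1 or section is None:
            continue  # inside a nested sub-block; ignore
        parts = shlex.split(line)
        if parts[0] == "edit":
            entry = section.setdefault(parts[1], {})
        elif parts[0] == "next":
            entry = None
        elif parts[0] == "set":
            target = entry if entry is not None else section.setdefault("", {})
            target[parts[1]] = parts[2:]
    return sections


def find_exposed_admin(sections):
    """WAN-role interfaces that allow any administrative protocol."""
    findings = []
    for name, cfg in sections.get("system interface", {}).items():
        exposed = set(cfg.get("allowaccess", [])) & ADMIN_PROTOCOLS
        if cfg.get("role", ["undefined"])[0] == "wan" and exposed:
            findings.append((name, sorted(exposed)))
    return findings


def find_weak_admins(sections):
    """Admin accounts with no trusthost restriction and/or no second factor."""
    findings = []
    for name, cfg in sections.get("system admin", {}).items():
        if not name:
            continue
        # trusthost defaults to 0.0.0.0/0 (any source) when unset.
        restricted = any(k.startswith("trusthost") and v != ["0.0.0.0", "0.0.0.0"]
                         for k, v in cfg.items())
        two_factor = cfg.get("two-factor", ["disable"])[0] != "disable"
        problems = []
        if not restricted:
            problems.append("no trusthost restriction")
        if not two_factor:
            problems.append("no two-factor")
        if problems:
            findings.append((name, problems))
    return findings


if __name__ == "__main__":
    cfg = parse_fortios(SAMPLE_CONFIG)
    for iface, protos in find_exposed_admin(cfg):
        print(f"[exposed] {iface}: admin access via {', '.join(protos)} on WAN")
    for user, problems in find_weak_admins(cfg):
        print(f"[weak admin] {user}: {'; '.join(problems)}")
```

Run it against a real backup (`execute backup config` output or a GUI export) in place of SAMPLE_CONFIG. On the constructed config it reports `wan1` for exposing HTTPS and SSH on a WAN-role interface and the built-in `admin` account for lacking both a trusthost list and two-factor; `netops`, which has both, is not reported. Interfaces without a `role` are not flagged here, so an export that omits roles still needs a manual look at which addresses are internet-facing.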

After gaining access, the attackers stole full device configurations that included passwords and details about network architecture. They used this information to move deeper into internal systems. In some cases, they gained access to organizations’ Active Directory environments and targeted backup systems — a step researchers say could indicate preparation for future ransomware attacks.

Researchers also analyzed custom tools recovered from the actor’s infrastructure, including scripts for credential extraction, VPN automation, and mass scanning. The code showed clear signs of AI-assisted generation: it worked under standard conditions but frequently failed in unexpected scenarios.

“The threat actor largely failed when attempting anything beyond straightforward automated attack paths,” the report found, noting repeated cases in which patched systems or basic defensive controls forced the group to abandon operations. In some instances, the attacker’s own documentation acknowledged that targets were too well protected to exploit.

Amazon said its own cloud infrastructure was not involved in the attacks. Researchers warned that the volume of such activity is likely to increase.

“Organizations should anticipate that AI-augmented threat activity will continue to grow in volume from both skilled and unskilled adversaries,” they added.

Researchers have previously warned that artificial intelligence is already reshaping how cyberattacks are carried out.

Google said in November that state-backed hacking groups were experimenting with malware capable of using large language models during execution, allowing malicious code to adapt on the fly and potentially evade detection. More recently, researchers reported that sophisticated actors linked to China, North Korea and Iran were using Google’s Gemini AI system to enhance operations, refine malware development and gather intelligence on targets.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.