Cybercriminals armed with off-the-shelf generative AI tools compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, according to a new incident report from AWS.
The campaign, which ran from mid-January to mid-February, relied less on clever zero-days and more on the equivalent of trying every digital door handle – just at machine speed, with AI lending a hand behind the scenes.
AWS says the financially motivated Russian-speaking crew behind the campaign scanned for exposed FortiGate management interfaces, tried commonly reused or weak credentials, and then hoovered up configuration files once inside, giving them a roadmap of victim networks.
The cloud giant’s security team says the actor used multiple commercial AI tools to generate attack playbooks, scripts, and operational notes, effectively allowing a relatively low-skilled outfit to run a campaign that…
https://www.theregister.com/2026/02/23/aws_fortigate_firewalls/
