CYBER | 2026-02-21

Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks

Amazon has issued a stark warning about a sophisticated campaign in which a threat actor, believed to be Russian-speaking, leveraged generative AI tools to breach over 600 Fortinet firewalls globally. The five-week operation targeted organizations across 55 countries, highlighting a new era of AI-enhanced cyber threats.

The attacker exploited a known **vulnerability** in FortiGate devices, using it as an initial entry point. Once inside, they deployed custom **malware** designed to maintain persistent access and steal sensitive credentials. This **data breach** allowed the hacker to move laterally through victim networks undetected for weeks.

Security analysts note the campaign’s heavy reliance on AI services to generate convincing phishing lures and refine malicious code. This use of AI significantly increased the scale and speed of the attack, automating the creation of credible social engineering content to trick employees.

A critical aspect of the operation involved the theft of **crypto** assets and attempts to compromise internal **blockchain security** protocols. The attacker sought not only financial gain but also to undermine trust in digital transaction systems within the targeted enterprises.

While no **zero-day** was used, the incident underscores the danger of unpatched systems. The **exploit** targeted a flaw for which a patch was available, yet hundreds of organizations remained exposed. This gap between patch release and implementation remains a major **cybersecurity** challenge.

The end goal appears to have been a widespread **ransomware** deployment. By establishing a strong foothold in so many networks, the hacker positioned themselves to potentially encrypt data on a massive scale, though that final stage was reportedly disrupted.

This event serves as a powerful reminder that AI is a dual-use technology. Defenders use it to predict threats, but attackers now harness it to craft more effective campaigns. The line between human and machine-driven **phishing** is becoming dangerously blurred.

Organizations are urged to prioritize immediate patching of internet-facing devices and enforce strict multi-factor authentication. As AI tools become more accessible, the defensive playbook must evolve just as rapidly to counter these automated, intelligent threats.