AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks

Amazon Warns of AI-Powered Russian Hacker Campaign Targeting FortiGate Firewalls Worldwide

In a stunning revelation that underscores the rapidly evolving landscape of cyber threats, Amazon’s Chief Information Security Officer (CISO), CJ Moses, has issued a stark warning about a sophisticated hacking campaign that leveraged generative artificial intelligence to breach over 600 FortiGate firewalls across 55 countries in just five weeks.

The Scale and Scope of the Attack

The campaign, which unfolded between January 11 and February 18, 2026, represents a new frontier in cybercrime, where AI tools are not just assisting but actively amplifying the capabilities of threat actors. The breaches were geographically diverse, affecting organizations across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia, among other regions.

What makes this campaign particularly alarming is that it didn’t rely on sophisticated zero-day exploits or cutting-edge vulnerabilities. Instead, the attackers exploited a combination of exposed management interfaces and weak credentials lacking multi-factor authentication (MFA) protection. This approach demonstrates a shift in tactics—rather than breaking in through technical vulnerabilities, the threat actors used AI to maximize their effectiveness against common security misconfigurations.

AI as a Force Multiplier for Cybercriminals

The most concerning aspect of this campaign is how extensively the threat actor utilized commercial AI services to scale their operations. According to Amazon’s analysis, the Russian-speaking hacker employed at least two large language model providers throughout the campaign to:

  • Generate step-by-step attack methodologies tailored to each target
  • Develop custom scripts in multiple programming languages
  • Create sophisticated reconnaissance frameworks
  • Plan lateral movement strategies within compromised networks
  • Draft detailed operational documentation in Russian

“This campaign demonstrates how commercial AI services are lowering the barrier to entry for threat actors, enabling them to carry out attacks that would normally be outside their skill set,” Moses explained in Amazon’s security blog.

The AI wasn’t just a tool—it was a force multiplier that transformed what would have been a low-to-medium skill attack into a highly effective global campaign. In one particularly revealing instance, the attacker submitted a full internal victim network topology, including IP addresses, hostnames, credentials, and known services, to an AI service and asked for help spreading further into the network.

The Technical Anatomy of an AI-Powered Breach

Once the threat actor gained initial access to FortiGate devices, they extracted comprehensive configuration settings that included SSL-VPN user credentials with recoverable passwords, administrative credentials, firewall policies, internal network architecture, IPsec VPN configurations, and network topology information.

The extracted configuration files were then processed using what appear to be AI-assisted Python and Go tools. Amazon’s analysis revealed clear indicators of AI-generated code: redundant comments that merely restate function names, simplistic architecture with disproportionate investment in formatting over functionality, naive JSON parsing via string matching rather than proper deserialization, and compatibility shims for language built-ins with empty documentation stubs.

“While functional for the threat actor’s specific use case, the tooling lacks robustness and fails under edge cases—characteristics typical of AI-generated code used without significant refinement,” Amazon noted.

Custom AI Toolset Powers the Campaign

Separate research published by the Cyber and Ramen security blog provides additional technical details about how AI and large language models were incorporated directly into the intrusion campaign. The misconfigured server at 212.11.64.250 exposed 1,402 files, including stolen FortiGate configuration backups, Active Directory mapping data, credential dumps, vulnerability assessments, and attack planning documents.

Among the most significant discoveries was a custom Model Context Protocol (MCP) server named ARXON, which acted as a bridge between reconnaissance data and commercial large language models. The researcher found no public references to ARXON, indicating it was likely a custom MCP framework created by the threat actor specifically for this campaign.

An MCP server acts as an intermediary layer that ingests data, feeds it into language models, and then uses the generated output with other tools. In this campaign, the ingested data was used to automate post-compromise analysis and attack planning.

A separate Go tool called CHECKER2 served as a Docker-based orchestrator that scanned thousands of VPN targets in parallel, with logs showing more than 2,500 potential targets across 100+ countries. Reconnaissance data collected from compromised FortiGate appliances and internal networks was fed into ARXON, which then queried large language models such as DeepSeek and Claude to generate structured attack plans.

These attack plans included instructions for gaining Domain Admin, suggested locations to search for credentials, recommended exploitation steps, and guidance on spreading laterally to other devices. In some cases, Claude Code was configured to execute offensive tools on its own, including Impacket scripts, Metasploit modules, and hashcat, without requiring the threat actor to approve each command.

Targeting Critical Infrastructure

The campaign’s sophistication extended beyond initial access. Operational documentation written in Russian detailed how to use Meterpreter and mimikatz to conduct DCSync attacks against Windows domain controllers and extract NTLM password hashes from the Active Directory database.

The threat actors specifically targeted Veeam Backup & Replication servers using custom PowerShell scripts, compiled credential-extraction tools, and attempted to exploit Veeam vulnerabilities. On one of the servers found by Amazon, the threat actor hosted a PowerShell script named “DecryptVeeamPasswords.ps1” that was used to target the backup application.

Amazon explains that threat actors often target backup infrastructure before deploying ransomware to prevent the restoration of encrypted files from backups. This targeting strategy suggests the campaign may have been laying the groundwork for future ransomware attacks or data theft operations.

The operational notes also contained multiple references to trying to exploit various vulnerabilities, including CVE-2019-7192 (QNAP RCE), CVE-2023-27532 (Veeam information disclosure), and CVE-2024-40711 (Veeam RCE).

Evolution of the Attack Methodology

The researcher notes that the operation evolved over several weeks, with the attacker initially using an open-source HexStrike MCP framework and, about eight weeks later, moving to the automated, customized ARXON system. This evolution demonstrates how quickly threat actors are adapting to incorporate AI tools into their operations and refining their methodologies based on operational experience.

CronUp security researcher Germán Fernández also found a different server exposing a directory containing what appear to be AI-generated tools targeting FortiWeb. While these tools do not appear to be part of the FortiGate campaign, they once again show how threat actors are continuing to use AI tools to power their attacks.

Implications for Cybersecurity

This campaign represents a watershed moment in cybersecurity, demonstrating that generative AI is being used as a multiplier that allows attackers to scale intrusions more efficiently. The implications are profound: defenders can no longer assume that sophisticated attacks require equally sophisticated threat actors.

The campaign also highlights the importance of fundamental security practices. The threat actor repeatedly failed against patched or locked-down systems and, rather than persisting, simply moved on to easier targets. This opportunistic approach, amplified by AI, makes every exposed device a potential entry point.

Recommendations for Defenders

Amazon recommends several critical steps for FortiGate administrators:

  • Never expose management interfaces to the internet
  • Ensure multi-factor authentication is enabled on all administrative accounts
  • Use unique passwords for VPN accounts that differ from Active Directory credentials
  • Harden backup infrastructure with additional security controls
  • Regularly audit SSH activity and VPN account creation for unusual patterns
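As an added example for the last recommendation (this is not code from the article or from Amazon's report), a small Python audit that parses constructed FortiGate-style key=value event-log lines and flags three of the patterns this campaign relied on: successful management-interface logins from non-RFC 1918 addresses, creation of local/VPN user accounts, and repeated failed logins from one source. The field names and every sample value are assumptions for illustration.

```python
import ipaddress
import shlex
from collections import Counter
# Constructed FortiGate-style key=value event-log lines; field names and values
# are assumptions for illustration, not data quoted in the article.
SAMPLE_LOGS = """\
date=2026-01-12 time=03:14:07 type="event" user="admin" ui="ssh(203.0.113.45)" srcip=203.0.113.45 action="login" status="failed"
date=2026-01-12 time=03:14:09 type="event" user="admin" ui="ssh(203.0.113.45)" srcip=203.0.113.45 action="login" status="failed"
date=2026-01-12 time=03:14:12 type="event" user="admin" ui="ssh(203.0.113.45)" srcip=203.0.113.45 action="login" status="success" msg="Administrator admin logged in successfully from ssh(203.0.113.45)"
date=2026-01-12 time=03:15:10 type="event" user="admin" ui="ssh(203.0.113.45)" srcip=203.0.113.45 action="Add" cfgpath="user.local" cfgobj="svc_backup"
date=2026-01-12 time=09:02:11 type="event" user="netops" ui="https(10.20.0.5)" srcip=10.20.0.5 action="login" status="success"
"""

INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MGMT_UIS = ("ssh", "https", "http")      # management interfaces that should never face the internet
FAILED_LOGIN_THRESHOLD = 2               # constructed value; tune per environment

def parse_line(line):
    """Split one key=value log line into a dict; shlex keeps quoted values with spaces intact."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def is_internal(src):
    """True only for RFC 1918 sources; unparsable or public addresses count as exposed."""
    try:
        return any(ipaddress.ip_address(src) in net for net in INTERNAL_NETS)
    except ValueError:
        return False

def audit(lines):
    """Return (rule, subject, srcip) findings for the patterns the article's guidance targets."""
    findings, failures = [], Counter()
    for line in lines:
        ev = parse_line(line)
        src, action = ev.get("srcip", ""), ev.get("action")
        if action == "login":
            if ev.get("status") == "failed":
                failures[(ev.get("user"), src)] += 1  # brute-force / password-spray signal
            elif ev.get("ui", "").split("(")[0] in MGMT_UIS and not is_internal(src):
                findings.append(("admin_login_from_public_ip", ev.get("user"), src))
        elif action == "Add" and ev.get("cfgpath") == "user.local":
            findings.append(("local_user_created", ev.get("cfgobj"), src))  # new VPN/local account
    for (user, src), n in failures.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            findings.append(("repeated_failed_logins", user, src))
    return findings
```

Run `audit(SAMPLE_LOGS.splitlines())` against exported event logs; the netops login from 10.20.0.5 produces no finding, while the admin activity from the public address yields all three rules.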

The company also emphasizes the need for organizations to recognize that AI-powered attacks are becoming the new normal. Defenders must adapt their strategies accordingly, focusing not just on technical controls but also on monitoring for the behavioral patterns that indicate AI-assisted attacks.

The Future of AI in Cybercrime

This campaign mirrors findings from Google’s recent report that threat actors are abusing Gemini AI across all stages of cyberattacks. The convergence of these independent findings suggests we’re witnessing the emergence of a new paradigm in cybercrime, where AI tools are becoming standard equipment for both sophisticated and unsophisticated threat actors alike.

As AI technology continues to advance and become more accessible, we can expect to see similar campaigns targeting other types of infrastructure. The barrier to entry for conducting sophisticated attacks is lowering, while the potential impact of those attacks is increasing.

Organizations must prepare for a future where AI-powered attacks are not the exception but the rule. This requires not just technological solutions but also new approaches to security awareness, incident response, and threat intelligence that can keep pace with AI-enhanced adversaries.

The Amazon report serves as both a warning and a call to action for the cybersecurity community. The genie is out of the bottle—AI is now a permanent fixture in the cyber threat landscape, and defenders must evolve their strategies accordingly or risk being overwhelmed by AI-powered adversaries who can operate at unprecedented scale and sophistication.
