AWS Reports 600+ FortiGate Firewalls Compromised in AI-Augmented Campaign by Russian-Speaking Cybercrime Group
A financially motivated Russian-speaking cybercrime group compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, using off-the-shelf generative AI tools to scale an operation that would traditionally require a well-resourced team, according to a new incident report from AWS.
The campaign, which ran from mid-January to mid-February 2026, is a clear signal that AI-augmented attacks are no longer theoretical — they're enabling small crews to operate at a scale and speed that previously required significant manpower.
AI-Generated Tooling Throughout the Kill Chain
AWS investigators found that the threat actors embedded commercial AI tools across their entire workflow — not just for occasional scripting assistance, but for generating complete attack playbooks, custom tooling, and operational planning artifacts.
Evidence of AI-generated code and planning documents was recovered from compromised infrastructure, revealing how the tools were used to produce a volume and variety of custom tooling that would normally indicate a well-resourced development team.
"A single actor or very small group generated this entire toolkit through AI-assisted development," said CJ Moses, CISO at Amazon.
The tooling was described as functional but rough — simplistic parsing logic and redundant comments characteristic of machine-generated code. Despite the lack of polish, it was effective enough to automate broad exploitation campaigns at scale.
Attack Methodology: Volume Over Finesse
The campaign relied on basic but effective tactics rather than sophisticated exploits:
- Scanning — identified internet-exposed FortiGate management interfaces
- Credential stuffing — attempted commonly reused and weak credentials against exposed devices
- Configuration exfiltration — once inside, pulled configuration files containing administrator and VPN credentials, network topology, and firewall rules
- Lateral movement — used harvested credentials to pivot into Active Directory, dump additional credentials, and probe internal networks
- Backup targeting — specifically hunted for Veeam backup servers
When targets put up resistance, the attackers simply moved on to softer ones — reinforcing that the strategy was opportunistic volume rather than targeted persistence. The geographic spread was broad, covering Europe, Asia, Africa, and Latin America, with no apparent targeting pattern.
Downstream Risk via MSPs
AWS noted clusters of activity suggesting some compromises may have provided access to managed service providers or shared environments, amplifying downstream risk to their customers. A single compromised MSP FortiGate could expose dozens of client networks.
The AI Multiplier Effect
This campaign illustrates what security researchers have been warning about: AI doesn't need to create novel attack techniques to be dangerous. By automating the tedious parts of offensive operations — scripting, playbook generation, tool development — it allows small, low-skilled groups to run campaigns at a pace and scale that was previously out of reach.
The findings follow Google's recent warning that criminals are increasingly integrating generative AI directly into their operations, including using Gemini for reconnaissance, target profiling, phishing, and malware development.
Defender Recommendations
- Remove FortiGate management interfaces from the public internet — this single step would have prevented most of the initial access
- Enforce MFA on all administrative access — credential stuffing becomes ineffective with multi-factor authentication in place
- Audit for credential reuse — ensure FortiGate admin and VPN credentials are unique and rotated regularly
- Monitor configuration file access — alert on bulk reads of firewall configuration, especially from unusual sources
- Protect backup infrastructure — isolate Veeam and other backup servers from general network access
- Hunt for post-compromise indicators — review Active Directory authentication logs for anomalous access patterns following any FortiGate compromise
- Assess MSP exposure — organizations using managed service providers should verify their providers' FortiGate patching and access control posture
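The monitoring and hunting recommendations above (alert on bulk or unusual access, review authentication logs for anomalous patterns) can be turned into a simple detection over the firewall's own event log. The following is an added example written for this article; it is not code from the AWS report or from Fortinet. It parses FortiGate-style `key=value` syslog lines and flags the two patterns the campaign relied on: a burst of failed administrator logins from one source (credential stuffing) and a subsequent successful login from that same source, plus any admin login from outside an assumed trusted management network. The sample log lines are constructed; the field names (`logdesc`, `user`, `srcip`, `action`, `status`) follow the FortiOS syslog convention but are assumptions here, as are the `logid` values, the threshold, the window and the `TRUSTED_MGMT_NETS` list.

```python
"""Added example: detect credential stuffing and anomalous admin logins
in FortiGate-style key=value event logs. Not from the AWS report."""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed trusted management networks (hypothetical; the point of the
# recommendation is that admin logins from anywhere else are suspicious).
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# key=value pairs; values may be double-quoted (with escapes) or bare tokens
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_line(line):
    """Turn one key=value syslog line into a dict, stripping quotes."""
    fields = {}
    for key, val in KV_RE.findall(line):
        fields[key] = val[1:-1] if val.startswith('"') else val
    return fields


def event_time(rec):
    return datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")


def is_trusted_source(src):
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source is treated as untrusted
    return any(ip in net for net in TRUSTED_MGMT_NETS)


def detect_admin_login_abuse(lines, window=timedelta(minutes=10), threshold=5):
    """Return findings as (kind, srcip, detail) tuples in time order.

    kinds: credential_stuffing        - >= threshold failures in window
           success_after_stuffing     - later success from a flagged source
           admin_login_from_untrusted_source - success from outside mgmt nets
    """
    records = [parse_fortigate_line(l) for l in lines]
    logins = [r for r in records
              if r.get("subtype") == "system" and r.get("action") == "login"]
    logins.sort(key=event_time)

    recent_failures = defaultdict(deque)  # srcip -> timestamps inside window
    tried_users = defaultdict(set)        # srcip -> usernames attempted
    flagged = set()
    findings = []
    for rec in logins:
        src, user, ts = rec.get("srcip", "?"), rec.get("user", "?"), event_time(rec)
        if rec.get("status") == "failed":
            q = recent_failures[src]
            q.append(ts)
            while q and ts - q[0] > window:   # slide the window forward
                q.popleft()
            tried_users[src].add(user)
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                findings.append(("credential_stuffing", src,
                                 ",".join(sorted(tried_users[src]))))
        elif rec.get("status") == "success":
            if src in flagged:
                findings.append(("success_after_stuffing", src, user))
            elif not is_trusted_source(src):
                findings.append(("admin_login_from_untrusted_source", src, user))
    return findings


def _sample(ts, user, src, status):
    """Constructed FortiGate-style admin login event (field names assumed)."""
    logid = "0100032001" if status == "success" else "0100032002"  # assumed ids
    desc = "Admin login successful" if status == "success" else "Admin login failed"
    return (f'date=2026-02-03 time={ts} devname="fw-edge" logid="{logid}" type="event" '
            f'subtype="system" level="notice" vd="root" logdesc="{desc}" user="{user}" '
            f'ui="https({src})" method="https" srcip={src} action="login" status="{status}"')


SAMPLE_LOG = [  # constructed sample; 203.0.113.45 and 198.51.100.7 are documentation IPs
    _sample("08:00:01", "admin", "203.0.113.45", "failed"),
    _sample("08:00:02", "admin", "203.0.113.45", "failed"),
    _sample("08:00:03", "fortinet", "203.0.113.45", "failed"),
    _sample("08:00:04", "root", "203.0.113.45", "failed"),
    _sample("08:00:05", "admin", "203.0.113.45", "failed"),
    _sample("08:00:06", "administrator", "203.0.113.45", "failed"),
    _sample("08:00:09", "admin", "203.0.113.45", "success"),
    _sample("08:15:00", "admin", "10.20.0.5", "failed"),    # single typo, below threshold
    _sample("08:15:07", "admin", "10.20.0.5", "success"),   # trusted management network
    _sample("09:00:00", "vpnadmin", "198.51.100.7", "success"),
]

if __name__ == "__main__":
    for kind, src, detail in detect_admin_login_abuse(SAMPLE_LOG):
        print(f"{kind:36} src={src:15} {detail}")
```

The window and threshold are deliberately conservative; on a real management interface that should never be reachable from the internet, even a single successful login from an untrusted source is worth an alert, which is why the third finding kind does not require prior failures. Feeding the function a syslog export instead of `SAMPLE_LOG` is the only change needed to run it against production data.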