Researchers found that a Russian-speaking threat actor used commercial generative AI tools to help compromise more than 600 Fortinet FortiGate firewalls in more than 55 countries by exploiting weak security configurations. The attackers automated attack plans, scripts, and operations to steal full device configurations and escalate access into internal networks—sometimes reaching Active Directory and backup systems—raising concerns about AI-augmented opportunistic campaigns. #FortiGate #Amazon
Key points
- A Russian-speaking actor used commercial generative AI to scale attacks on FortiGate devices.
- The campaign targeted exposed administrative interfaces and weak authentication, not new vulnerabilities.
- AI services generated attack plans, automated scripts, and managed operations for a low-to-medium-skilled actor.
- Compromised device configurations contained passwords and network details, enabling lateral movement into Active Directory and backups.
- AI-assisted code often failed in non-standard scenarios, but researchers warn AI-augmented attacks are likely to increase.
Read More: https://therecord.media/gen-ai-fortigate-hackers-russia