AI is Empowering Cybercrime: Organizations Face the Brink of Global-Scale Attacks

Amazon Threat Intelligence has noted a concerning trend: commercial AI services are lowering technical barriers, enabling even amateur attackers to launch global-scale campaigns. A recent investigation clearly demonstrated this when a financially motivated, Russian-speaking threat actor exploited multiple commercial GenAI services to compromise over 600 FortiGate devices across more than 55 countries from January 11 to February 18, 2026.
No FortiGate vulnerabilities were exploited. The entire campaign relied on internet-exposed management ports, weak passwords, and single-factor authentication—very basic weaknesses that AI allowed the actor to exploit at scale. Amazon confirmed that no AWS infrastructure was involved in this attack.
The investigation results show that AI has become a force multiplier, allowing an individual or small group to achieve attack scales that previously required a team of experts.
AI enables "amateur" attackers to achieve attack scales typical of APT groups
Although not part of any APT group or state organization, this actor—thanks to commercial language models—has:
compromised multiple Active Directory systems
extracted entire credential databases
scanned and targeted backup infrastructure (a pre-ransomware indicator)
When faced with strong defenses, the attacker did not attempt to escalate but immediately shifted to an easier target. This shows that their advantage lay in AI-supported speed and scale, not in deep skills.
Overview of the campaign
During routine monitoring, Amazon Threat Intelligence discovered infrastructure containing malware and operational files, including:
AI-generated attack plan
victim configuration
custom tool source code
Poor OPSEC allowed analysts to trace the entire operational process—almost like an AI-driven cybercrime assembly line, where someone with limited skills can still produce, deploy, and manage mass attacks.
Initial infiltration stage: Large-scale credential abuse
The attacker scanned numerous FortiGate management ports (443, 8443, 10443, 4443) and then attempted to log in using common passwords.
The stolen FortiGate configuration files contained:
recoverable SSL-VPN passwords
admin accounts
internal network structure
firewall policies
IPsec VPN configuration
They used Python scripts—developed with AI support—to decrypt and analyze these files.
Custom Toolkit: AI-Generated Reconnaissance Framework
After gaining VPN access to the victim's network, the attacker deployed a reconnaissance tool (written in Go and Python). The source code clearly showed AI traces:
excessive comments and repetitive function names
simple architecture that prioritized form over function
JSON parsing via ad-hoc string manipulation
undocumented compatibility functions
The tool's execution flow:
read the VPN routing table → map network segments
port scanning with gogo
detect SMB hosts and domain controllers
vulnerability scanning with Nuclei
build a prioritized target list
Post-infiltration activities
The attacker used a common toolkit:
1. Domain takeover
use Meterpreter + mimikatz for DCSync
extract AD credential database
many Domain Admin accounts used weak passwords, or passwords identical to those on the FortiGate
2. Lateral movement
Pass-the-Hash / Pass-the-Ticket
NTLM relay
RCE on Windows machines
3. Backup infrastructure attack (Veeam)
used PowerShell, decryption tools, and attempts to exploit known CVEs
Objective: access credential backups → disrupt recovery capability → pave the way for ransomware
4. Limited vulnerability exploitation capability
The attacker repeatedly failed when attempting to exploit CVEs that required higher skills. They could not compile exploits or handle edge cases, and when faced with well-protected systems they simply moved on.
Geographic distribution
The campaign was opportunistic, scanning a wide range of devices regardless of industry. However, Amazon noticed that many clusters of compromised devices belonged to the same organization, pointing to large-scale targets such as MSPs or multi-branch enterprises.
Affected devices were concentrated in:
Southeast Asia
Latin America
Caribbean
West Africa
Northern Europe
AI became the main driver of the campaign
Investigations revealed the attacker used at least two commercial LLM services, each serving different roles.
AI planned the attack
The AI produced:
step-by-step instructions
success-rate estimates
a prioritized task tree
a pivot plan for the internal network
The attacker copied these plans almost verbatim and clearly lacked the deep understanding needed to adapt them.
AI mass-produced the tooling
Dozens of scripts in various languages were generated by AI:
Configuration parser
credential collection tool
automatic VPN connection
large-scale scanning
dashboard for summarizing results
Threat actor assessment
Motivation: financial.
Language: Russian.
Skill level: low to medium, significantly enhanced by AI.
AI dependency: extremely high, from planning to tool development.
Scale of operation: broad, multinational.
Post-exploitation depth: shallow, quick to abandon when blocked.
OPSEC: poor, internal data stored publicly without encryption.
Defense recommendations
The campaign exploited the simplest mistakes—but AI enabled them to do so on a global scale. Therefore, basic defense remains the strongest line of defense.
1. Comprehensive inspection of FortiGate devices
Do not expose management ports to the internet.
Limit IP addresses for management access.
Change all default/common passwords.
Enable MFA for management and VPN.
Check configuration for any unusual admin accounts.
Review VPN logs for access from unusual geographic locations.
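The first three checks above can be run against an exported configuration. What follows is an added example, not code from the original article or from Amazon's report: a small Python audit that parses the standard FortiOS "config / edit / set / next / end" syntax (assumed format) and flags WAN interfaces that allow HTTPS/SSH management, plus admin accounts with no trusthost restriction or two-factor setting. The sample configuration is constructed.

```python
# Constructed sample excerpt in FortiOS config syntax (not a real device export).
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set allowaccess ping https ssh
        set role wan
    next
end
config system admin
    edit "admin"
    next
    edit "netops"
        set trusthost1 10.0.0.0 255.255.255.0
        set two-factor fortitoken
    next
end
"""
MGMT_PROTOCOLS = {"https", "http", "ssh", "telnet"}

def parse_section(config, section):
    """Return {entry_name: {setting: value}} for the 'edit' entries of one config section;
    nested 'config ... end' sub-blocks inside an entry are skipped."""
    entries, current, depth, inside = {}, None, 0, False
    for raw in config.splitlines():
        line = raw.strip()
        if not inside:
            inside = line == f"config {section}"
        elif line.startswith("config "):
            depth += 1                      # entering a nested sub-block
        elif line == "end" and depth:
            depth -= 1                      # leaving a nested sub-block
        elif line == "end":
            break                           # end of the section we wanted
        elif depth == 0 and line.startswith("edit "):
            current = line[5:].strip('"')
            entries[current] = {}
        elif depth == 0 and current and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            entries[current][key] = value
    return entries

def audit(config):
    """List management exposure on WAN interfaces and admins lacking trusthost or MFA."""
    findings = []
    for name, s in parse_section(config, "system interface").items():
        exposed = MGMT_PROTOCOLS & set(s.get("allowaccess", "").split())
        if s.get("role") == "wan" and exposed:
            findings.append(f"interface {name}: management exposed on WAN ({', '.join(sorted(exposed))})")
    for name, s in parse_section(config, "system admin").items():
        if not any(k.startswith("trusthost") for k in s):
            findings.append(f"admin {name}: no trusthost restriction")
        if "two-factor" not in s:
            findings.append(f"admin {name}: no two-factor authentication")
    return findings
```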
2. Enhance credential hygiene
Check for password duplication between FortiGate and AD.
Enforce strong passwords + MFA for VPN.
Rotate service account credentials, especially in backup systems.
3. Monitor for signs of post-exploitation
Event ID 4662 with directory replication GUIDs in the Properties field (a DCSync indicator).
Suspicious scheduled tasks.
Administrative connections originating from the VPN IP range.
Signs of LLMNR/NBT-NS poisoning.
Unauthorized access to credential backup stores.
New accounts "disguised" as legitimate accounts.
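As an added example (not part of the original article or Amazon's report), the Event ID 4662 check from the first item above, implemented over constructed sample events: it matches the Properties field against the well-known directory-replication control-access-right GUIDs and alerts when the requesting account is neither a known domain controller computer account nor a vetted sync service account.

```python
# Control-access-right GUIDs that appear in the Properties field of a 4662 event when
# an account requests directory replication (the rights a DCSync-style tool needs).
REPLICATION_GUIDS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}

# Constructed sample events in flattened field form (not real exports). The third one uses a
# made-up, non-replication GUID to show that ordinary 4662 noise is ignored.
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectDomainName": "CORP", "SubjectUserName": "DC01$",
     "ObjectType": "domainDNS", "AccessMask": "0x100",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectDomainName": "CORP", "SubjectUserName": "vpnuser7",
     "ObjectType": "domainDNS", "AccessMask": "0x100",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectDomainName": "CORP", "SubjectUserName": "vpnuser7",
     "ObjectType": "user", "AccessMask": "0x20",
     "Properties": "{11111111-2222-3333-4444-555555555555}"},
]

def replication_rights(properties):
    """Return the names of replication rights referenced by a 4662 Properties string."""
    guids = {token.strip("{}").lower() for token in properties.split()}
    return {name for guid, name in REPLICATION_GUIDS.items() if guid in guids}

def detect_dcsync(events, dc_accounts, allowed_accounts=frozenset()):
    """Alert on 4662 events that request replication rights from any account other than a
    known domain controller computer account or an explicitly vetted service account."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        rights = replication_rights(ev.get("Properties", ""))
        who = ev.get("SubjectUserName", "").lower()
        if not rights or who in dc_accounts or who in allowed_accounts:
            continue  # normal DC-to-DC replication, vetted sync account, or no replication right
        alerts.append((f"{ev['SubjectDomainName']}\\{ev['SubjectUserName']}", sorted(rights)))
    return alerts
```

Domain controller and sync account names are lower-cased before comparison, so pass them in lower case.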
4. Protect the backup system
Isolate the backup server.
Patch all Veeam vulnerabilities.
Monitor for unusual PowerShell activity.
Use immutable backups.
5. Recommendations for AWS environments
Enable Amazon GuardDuty.
Use Amazon Inspector to detect exposure and vulnerabilities.
Monitor posture through AWS Security Hub.
Maintain network device patching via Systems Manager Patch Manager.
Review unusual IAM behavior related to credential leaks.
IOCs
212[.]11.64.250
185[.]196.11.225