In a recent report by AWS, over 600 Fortinet FortiGate firewalls have been compromised in an AI-driven hacking campaign. This operation, which unfolded between January 11 and February 18, involved threat actors exploiting exposed management interfaces and weak credentials, primarily via ports 443 and 8443. The campaign appears opportunistic in nature and is attributed to a financially motivated, Russian-speaking actor with low technical skills, who utilized commercial large language models to create attack plans and scripts. The hackers targeted multiple devices within the same organization and expanded their reach across 55 countries in various continents, employing open-source tools to extract sensitive data and potentially launch ransomware attacks.
Fortinet reports over 600 firewalls hacked in AI-powered campaign
