





















AWS describes the campaign as an ‘AI-powered assembly line for cybercrime’.
Commercial AI services are lowering the technical barrier needed to commit cybercrimes, and Amazon has warned that this trend will continue.
Amazon Web Services (AWS) said it recently observed what it described as a Russian-speaking, financially motivated threat actor leveraging multiple commercial generative AI (GenAI) services to compromise more than 600 FortiGate devices across more than 55 countries between 11 January and 18 February.
FortiGate is a newer generation firewall that provides advanced network protection when compared to more traditional ones.
AWS described the hacker as an “unsophisticated” individual or small group armed with AI tools that helped them achieve an operational scale to carry out the attacks, something that would have previously required a significantly larger and more skilled team.
The campaign stuck out to AWS because of the hacker group’s use of multiple commercial GenAI services. AWS described the campaign as an “AI-powered assembly line for cybercrime, helping less skilled workers produce at scale”, in a blog authored by CJ Moses, who leads security engineering and operations at Amazon.
The threat actor compromised globally dispersed FortiGate appliances, accessing credentials and device configuration information. They then used these stolen credentials to connect to victims’ internal networks to access more credentials and attempt to access backup infrastructure.
According to AWS’s observations, FortiGate vulnerabilities were not exploited by the hacker. Instead, the campaign exploited exposed management ports and weak credentials with single-factor authentication.
Moreover, when the actor encountered more secure environments, they moved on to softer targets rather than persisting, meaning their capability probably lies in AI-augmented efficiency and scale, not deeper technical skills, according to AWS.
The targeting seemed opportunistic rather than sector-specific, attacking vulnerable appliances via mass scanning using AI tools, AWS noted.
The threat actor in this campaign is not known to be associated with any advanced persistent threat group with state-sponsored resources, the blog explained. Amazon said it was not compromised in this incident.
To respond, AWS recommended that organisations running FortiGate appliances should ensure management interfaces are not exposed to the internet, and advised that organisations change all default and common credentials on FortiGate appliances, including administrative and VPN user accounts.
In addition, AWS recommended that organisations enforce unique, complex passwords for all accounts.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。