AWS reports AI-augmented attack compromised 600+ FortiGate firewalls

Attack details from AWS incident report
AWS security teams documented a campaign running from mid-January to mid-February 2026 in which Russian-speaking cybercriminals compromised more than 600 FortiGate firewalls across 55 countries. The attackers used commercial generative AI tools to generate attack playbooks, scripts, and operational notes, enabling a relatively low-skilled group to run an operation that would typically require far more resources.
Attack methodology
The campaign focused on scanning for exposed FortiGate management interfaces on the public internet. Attackers then attempted commonly reused or weak credentials. Once inside, they extracted configuration files containing:
- Administrator and VPN credentials
- Network topology details
- Firewall rules
From there, they moved deeper into environments, targeting Active Directory, dumping credentials, and probing for lateral movement opportunities. Backup systems, including Veeam servers, were also targeted.
AI tooling characteristics
AWS observed that the AI-generated tooling was functional but rough around the edges, with simplistic parsing logic and redundant comments suggesting machine-generated code. The tools were embedded throughout the workflow rather than just used for occasional scripting. CJ Moses, CISO at Amazon, noted: "The volume and variety of custom tooling would typically indicate a well-resourced development team. Instead, a single actor or very small group generated this entire toolkit through AI-assisted development."
Attack patterns and defense
The attackers tended to abandon targets that put up resistance and move on to softer ones, emphasizing volume over finesse. Activity was geographically opportunistic rather than tightly targeted, with victims across Europe, Asia, Africa, and Latin America. Some compromises may have enabled access to managed service providers or larger shared environments, amplifying downstream risk.
AWS emphasized that basic security hygiene would have prevented most compromises:
- Keep management interfaces off the public internet
- Enforce multi-factor authentication
- Avoid password recycling
The findings follow recent warnings from Google about criminals increasingly integrating generative AI directly into operations, including using Gemini AI for reconnaissance, target profiling, phishing, and malware development.
📖 Read the full source: HN AI Agents