Amazon threat researchers just published a detailed breakdown of how a Russian-speaking hacker with limited technical skills used commercial AI tools to breach more than 600 Fortinet firewalls across 55 countries in just five weeks. The attacker’s operational security was so poor that Amazon could watch the entire campaign unfold in real time.
The campaign ran from January 11 to February 18, 2026. No zero-day exploits were involved. The attacker simply scanned for FortiGate management interfaces exposed to the internet, then used weak passwords to get in. What made this different was how AI helped a low-skill operator achieve the kind of scale that would have previously required a much larger and more capable team.
How AI Filled the Skill Gap
Amazon’s assessment is blunt: the threat actor had “low-to-medium” technical capabilities. But commercial AI services turned that limitation into a minor obstacle.
According to the AWS Security Blog, the attacker used multiple generative AI services throughout every phase of the operation. AI helped with attack planning, generating step-by-step exploitation instructions. It helped develop custom tools in Go and Python for scanning and reconnaissance. When the attacker needed to pivot deeper into compromised networks, AI provided guidance on lateral movement techniques.
The attacker even built a custom Model Context Protocol (MCP) server named ARXON that acted as a bridge between reconnaissance data and commercial large language models. Think of it as an AI assistant specifically configured to help with hacking operations - analyzing stolen configurations, suggesting next steps, helping parse credentials.
This isn’t a sophisticated nation-state operation. It’s someone who probably couldn’t have pulled this off two years ago, now running a 55-country campaign because ChatGPT and its competitors can fill in the gaps.
The Attack Itself
The methodology was straightforward credential stuffing at scale. The attacker scanned the internet for FortiGate management interfaces exposed on ports 443, 8443, 10443, and 4443, then attempted to log in using commonly reused passwords.
The target list was global: concentrations appeared across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. More than 600 devices were successfully compromised, giving the attacker VPN access into those organizations’ internal networks.
Once inside, the operation followed a familiar pattern. The attacker deployed reconnaissance tools - with versions written in both Go and Python - that extracted and decrypted FortiGate configuration files. These files contain VPN credentials, internal network topologies, and authentication data.
From there, the attacker moved to compromise Microsoft Active Directory environments, harvesting credential databases that could enable access to even more systems.
Targeting Backups: A Ransomware Warning Sign
Amazon’s researchers flagged one particularly concerning behavior: the attacker was specifically targeting Veeam Backup & Replication servers.
The campaign used custom PowerShell scripts designed to extract credentials from Veeam installations, along with attempts to exploit known Veeam vulnerabilities. One file found in the attacker’s infrastructure was named “DecryptVeeamPasswords.ps1” - a tool specifically designed to crack backup system credentials.
This is a classic pre-ransomware pattern. Modern ransomware gangs know that many organizations can recover from encryption attacks if their backups are intact. So the first step in a sophisticated ransomware deployment is compromising the backup infrastructure to ensure victims can’t recover without paying.
Amazon didn’t observe actual ransomware deployment during this campaign, but the targeting pattern suggests that may have been the intended endgame.
How Amazon Saw Everything
Here’s where the story gets interesting. The attacker’s operational security was terrible.
According to Amazon, the threat actor stored credentials, victim data, and detailed operational plans without encryption alongside their tooling. This gave Amazon researchers “comprehensive visibility into the threat actor’s methodologies and the specific ways they leverage AI throughout their operations.”
In other words, the attacker left their entire operation exposed. Attack plans. Stolen credentials. AI conversation logs. Target lists. All of it was accessible because the person running a 55-country hacking campaign couldn’t be bothered to encrypt their own files.
This is the double-edged nature of AI-assisted hacking. It lowers the barrier to entry, enabling people without deep technical skills to run campaigns that would have been impossible before. But those same skill gaps show up elsewhere - like in basic operational security.
What This Means
This campaign represents something security researchers have been warning about for years: AI is democratizing cybercrime.
A financially motivated individual or small group, likely operating without the resources of a nation-state or established criminal gang, achieved operational scale that would have previously required a significantly larger and more skilled team. They did it using the same AI tools available to anyone with an internet connection and a credit card.
The vulnerabilities exploited weren’t exotic. Exposed management interfaces. Weak passwords. Single-factor authentication. These are security fundamentals that organizations have been warned about for decades. But scale changes the equation. When one person can scan the entire internet for misconfigured firewalls and use AI to help crack into them, suddenly those “we’ll get to it eventually” security gaps become critical.
Amazon notes that AWS infrastructure was not involved in this campaign. But 600+ organizations in 55 countries now have to assume their internal networks, credentials, and backup systems have been compromised.
What You Can Do
If you run FortiGate devices:
- Immediately audit whether management interfaces are exposed to the internet
- Enforce multi-factor authentication on all administrative access
- Rotate credentials, especially if you’ve been using defaults or weak passwords
- Check for unauthorized VPN sessions or configuration changes since January
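As an added defensive example (not code from Amazon's report or from any vendor), the script below looks for the pattern this campaign relied on, many failed admin logins from one source against one or more accounts on a management port, followed by a success. The log lines are constructed, and their field names are assumptions modeled on FortiGate's key=value event-log syntax.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines modeled on FortiGate's key=value event-log syntax.
# Field names and values are assumptions for illustration, not captured logs.
SAMPLE_LOGS = """\
date=2026-01-15 time=03:12:44 logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" srcip=203.0.113.5 dstport=10443 status="failed" reason="passwd_invalid"
date=2026-01-15 time=03:12:46 logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" srcip=203.0.113.5 dstport=10443 status="failed" reason="passwd_invalid"
date=2026-01-15 time=03:12:49 logdesc="Admin login failed" user="fortinet" ui="https(203.0.113.5)" srcip=203.0.113.5 dstport=10443 status="failed" reason="passwd_invalid"
date=2026-01-15 time=03:12:53 logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" srcip=203.0.113.5 dstport=10443 status="failed" reason="passwd_invalid"
date=2026-01-15 time=03:13:01 logdesc="Admin login successful" user="admin" ui="https(203.0.113.5)" srcip=203.0.113.5 dstport=10443 status="success"
date=2026-01-15 time=09:40:10 logdesc="Admin login failed" user="jsmith" ui="https(10.20.0.7)" srcip=10.20.0.7 dstport=443 status="failed" reason="passwd_invalid"
date=2026-01-15 time=09:40:30 logdesc="Admin login successful" user="jsmith" ui="https(10.20.0.7)" srcip=10.20.0.7 dstport=443 status="success"
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Parse one key=value log line into a dict, stripping quotes and adding a datetime."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    fields["ts"] = datetime.strptime(fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")
    return fields

def find_spray_sources(log_text, threshold=3, window_s=60):
    """Return {srcip: {...}} for every source with >= threshold failed admin logins
    inside a window_s-second sliding window; 'succeeded_after' is True when a
    successful login from that source follows the failures (the worst case)."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_src = defaultdict(list)
    for e in events:
        by_src[e["srcip"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["status"] == "failed"]
        for i in range(len(fails)):           # slide a window over the failures
            j = i
            while j + 1 < len(fails) and (fails[j + 1]["ts"] - fails[i]["ts"]).total_seconds() <= window_s:
                j += 1
            if j - i + 1 >= threshold:
                last_fail = fails[j]["ts"]
                alerts[src] = {
                    "failures": len(fails),
                    "accounts": sorted({e["user"] for e in fails}),
                    "ports": sorted({int(e["dstport"]) for e in evs}),
                    "succeeded_after": any(e["status"] == "success" and e["ts"] > last_fail for e in evs),
                }
                break
    return alerts

if __name__ == "__main__":
    for src, info in find_spray_sources(SAMPLE_LOGS).items():
        print(src, info)
```

Run against your own exported admin-login events, a source that is flagged with `succeeded_after` set is the one to treat as a compromised device and rotate credentials on first.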
For everyone: This campaign succeeded not because of sophisticated exploits but because of basic security failures at scale. The lesson isn’t about AI specifically - it’s that low-hanging fruit gets picked, and AI means more people can reach it.
Multi-factor authentication, network segmentation, monitoring for unusual access patterns, and not exposing management interfaces to the internet aren’t new recommendations. They’re just more urgent now that a solo operator with ChatGPT can run a global credential-stuffing campaign.
The Bottom Line
A single person with limited hacking skills, armed with commercial AI tools, breached 600+ enterprise firewalls in five weeks. They compromised Active Directory environments, harvested credentials, and targeted backup systems in what looks like preparation for ransomware deployment.
Amazon watched it happen because the attacker was too careless to encrypt their own operational files. But the 600+ organizations that got breached don’t get that consolation. They’re now dealing with the consequences of exposed management ports and weak passwords - the same basic mistakes that have enabled network intrusions for decades, now exploited at AI-assisted scale.