Daily NewsArtificial IntelligenceThreat Detection & Defense

Amazon Warns of AI-Assisted Breaches as Attackers Continue to Weaponise AI

Because AI Is Now Bridging the Gap Between Amateur Skill and Professional Impact

Cybersecurity threats are evolving at a breakneck pace. Today, the latest “scourge” in cyberspace isn’t just about sophisticated exploits—it’s about the weaponisation of Artificial Intelligence (AI). In fact, just recently, Amazon issued a chilling warning: a Russian-speaking threat actor successfully breached over 600 FortiGate firewalls across 55 countries in just five weeks, using Generative AI to bridge the gap between amateur skill and professional impact.

An Evolving Threat in the Age of AI

Traditionally, breaching high-level firewalls required deep technical expertise or the discovery of “zero-day” vulnerabilities. However, this latest campaign proves that AI has lowered the barrier to entry.

CJ Moses, CISO of Amazon Integrated Security, notes that the campaign—which ran from January to February 2026—did not rely on complex exploits. Instead, the attacker targeted exposed management interfaces and weak credentials lacking multi-factor authentication (MFA).

“We are seeing a trend where AI-driven automation allows low-to-medium-skill actors to execute attacks that would normally be outside their wheelhouse,” Moses explains. In other words, AI is acting as a force multiplier for the mediocre hacker.

From Brute Force to Sinister Automation

The methodology was strikingly simple yet effective. The attacker scanned for services on common ports (443, 8443, etc.) and used brute-force attacks to gain entry. Once inside, the role of AI became clear. The actor utilised AI-assisted Python and Go tools to:

  • Decrypt configuration settings and extract SSL-VPN credentials.
  • Map internal network topologies and identify domain controllers.
  • Generate step-by-step attack methodologies and lateral movement strategies.

Amazon’s analysis of the source code revealed “clear indicators” of AI development, such as redundant comments and simplistic architectures that prioritised formatting over robust functionality. While the code often failed in hardened environments, it was more than sufficient to wreak havoc on unprotected systems.

Targeting the “Safety Net”

Perhaps most sinister was the focus on backup infrastructure. The attacker specifically targeted Veeam Backup & Replication servers to ensure victims could not restore their data. By neutralising the safety net before deploying ransomware or extracting data, the threat actor turned a simple breach into a major headache for organisations in South Asia, Latin America, and beyond.

The “operational notes” found on the attacker’s server even showed them asking an AI service for direct help in spreading through a victim’s specific network topology. It is a grim reminder that commercial AI services are now being used as a consultant for crime.

A Best Practice Checklist

As the Amazon report highlights, even a “low-skill” attacker can become a significant threat when bolstered by AI automation. Protecting your organisation’s digital presence requires more than just installing a firewall and hoping for the best. To ensure the integrity and availability of your network, the following measures are no longer optional—they are must-haves.

  • Lock the “Front Door”: Never expose your firewall’s management interfaces (such as FortiGate’s UI) directly to the public internet. Access should only be possible through a secure, internal management network or a trusted VPN.

  • Enforce Multi-Factor Authentication (MFA): The most common entry point in this campaign was weak credentials. Implementing MFA across all administrative and VPN accounts provides the critical “second lock” that AI-assisted brute force struggles to bypass.

  • Decouple Your Passwords: Ensure that SSL-VPN passwords are distinct from Active Directory (AD) credentials. If an attacker breaches the VPN, unique passwords prevent them from immediately pivoting to your domain controller.

  • Harden Your Safety Net: Backup infrastructure like Veeam is a primary target. Isolate your backup servers from the main production network and use immutable backups that cannot be deleted or encrypted by a rogue script.

  • Prioritise Patching: The attacker in this case moved on from “locked-down” systems to easier targets. Regular patching of known vulnerabilities (like those in QNAP or Veeam) removes the low-hanging fruit that AI scanners look for.

  • Adopt Holistic Monitoring: Much like the WebOrion approach, don’t just rely on a Web Application Firewall (WAF). Use active monitoring tools that can detect anomalous “AI-like” patterns—such as rapid, automated reconnaissance—and alert your team in real-time.

The ongoing crusade against cyber threats is a marathon, not a sprint. By implementing these foundational security layers, you significantly raise the cost of entry for hackers, forcing them to look elsewhere for an easier “house” to rob.

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Disruptive Tech Asia and Disruptive Tech News online portals. He also contributes to Cybersecurity ASEAN and Data&Storage ASEAN, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *