Hundreds of FortiGate Firewalls Hacked in AI-Powered Attacks: AWS
Briefly

"Over 600 Fortinet FortiGate firewall instances have been hacked in an AI-powered campaign that exploits exposed ports and weak credentials, AWS reports. The attacks, observed between January 11 and February 18, did not target known vulnerabilities. Instead, they focused on the exploitation of exposed device configurations across globally dispersed appliances. According to AWS, the campaign was carried out by an unsophisticated threat actor that relied on multiple commercial gen-AI services to implement known attack techniques."
"Following successful compromise, the hackers were seen leveraging open source offensive tools to extract NTLM password hashes, obtain complete domain credential databases, and move laterally through pass-the-hash/pass-the-ticket attacks. The attackers were also seen targeting Veeam Backup & Replication servers, likely to extract additional credentials and destroy backups in preparation for ransomware attacks. According to AWS, the hackers used at least two commercial LLMs to plan the attacks, generate tools, and assist with the operation, including duration and success rate assessments."
Over 600 Fortinet FortiGate firewall instances were hacked in an AI-powered campaign exploiting exposed management ports and weak credentials between January 11 and February 18. The campaign targeted exposed device configurations rather than known vulnerabilities and relied on opportunistic mass scanning of management interfaces on ports 443, 8443, 10443, and 4443. An unsophisticated actor used multiple commercial generative AI services alongside open-source offensive tools to extract NTLM password hashes, steal domain credential databases, and perform pass-the-hash/pass-the-ticket lateral movement. Attackers also targeted Veeam Backup & Replication servers to obtain credentials and destroy backups in preparation for ransomware. Compromised devices spanned 55 countries, with some clusters tied to MSP or large organizational deployments.
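The exposure the brief describes (admin services reachable on a WAN-facing interface, admin accounts not pinned to trusted hosts) is something a defender can audit from the device's own configuration. The following is an added example, not code from the SecurityWeek article or the AWS report: it scans a constructed FortiGate CLI config (stock FortiOS `config system interface` / `allowaccess` / `trusthost` syntax) and flags both conditions.

```python
import re

# Constructed sample FortiGate CLI config (not from the article): HTTPS/SSH admin
# access allowed on a WAN-role interface, and an admin with no trusted hosts.
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set role wan
        set allowaccess ping https ssh
    next
    edit "internal"
        set role lan
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "ops"
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.0.0.0
    next
end
"""

ADMIN_SERVICES = {"http", "https", "ssh", "telnet"}

def _entries(text, section):
    """Yield (name, body) for each `edit` entry under `config <section>`."""
    block = re.search(rf"^config {section}\n(.*?)^end", text, re.S | re.M)
    if not block:
        return
    for m in re.finditer(r'edit "([^"]+)"\n(.*?)\n\s*next', block.group(1), re.S):
        yield m.group(1), m.group(2)

def audit_config(text):
    """Return findings: admin services on WAN interfaces, admins without trusthost."""
    findings = []
    for iface, body in _entries(text, "system interface"):
        role = re.search(r"set role (\S+)", body)
        access = re.search(r"set allowaccess (.+)", body)
        if role and role.group(1) == "wan" and access:
            exposed = ADMIN_SERVICES & set(access.group(1).split())
            if exposed:
                findings.append(f"interface {iface}: admin services on WAN: {sorted(exposed)}")
    for user, body in _entries(text, "system admin"):
        if "set trusthost" not in body:
            findings.append(f"admin {user}: no trusthost restriction")
    return findings
```

Run it over a real `show full-configuration` export; an empty result means no WAN interface allows admin services and every admin account has at least one trusted host.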
Read at SecurityWeek