
"The cloud giant's security team says the actor used multiple commercial AI tools to generate attack playbooks, scripts, and operational notes, effectively allowing a relatively low-skilled outfit to run a campaign that would previously have required more people or time. Investigators even found evidence of AI-generated code and planning artifacts on compromised infrastructure, suggesting the tools were embedded throughout the workflow rather than just used for the odd bit of scripting."
"AWS says the financially motivated Russian-speaking crew behind the campaign scanned for exposed FortiGate management interfaces, tried commonly reused or weak credentials, and then hoovered up configuration files once inside, giving them a roadmap of victim networks. From there, they moved deeper into environments, going after Active Directory, dumping credentials, and probing for ways to move laterally. Backup systems, including Veeam servers, were also on the shopping list."
The campaign ran from mid-January to mid-February and affected more than 600 internet-exposed FortiGate firewalls across 55 countries. A financially motivated Russian-speaking group scanned for exposed FortiGate management interfaces and attempted commonly reused or weak credentials to gain access. The attackers exfiltrated configuration files containing administrator and VPN credentials, network topology, and firewall rules, which enabled deeper intrusion. The actor used multiple commercial generative AI tools to produce playbooks, scripts, and operational notes, and AI-generated code and planning artifacts were found on compromised systems. Once inside, the group pursued Active Directory, dumped credentials, probed lateral-movement paths, and targeted backup systems such as Veeam. The observed tooling was functional but rudimentary, indicating that small teams can scale operations using AI-assisted development.
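The intrusion chain above (credential attempts against an exposed management interface, a successful login, then a configuration export) is the kind of sequence a defender can spot in firewall event logs. The following is an added detection example, not code from the article or from AWS's report. It assumes a simplified key=value event-log format whose field names (`action`, `status`, `user`, `srcip`, `ui`) are constructed for this example rather than taken from the page or any vendor documentation; the sample log lines are likewise constructed.

```python
"""Flag credential spraying against a firewall management interface, and
escalate when a spray is followed by a successful login and a config export.

Added example, not part of the original article or the AWS report.
The key=value format and field names below are assumptions for this example.
"""
import re
from collections import defaultdict

# Constructed sample events (not real telemetry). One source, 198.51.100.7,
# fails five logins across several usernames, succeeds, then exports config.
# A legitimate admin at 10.0.0.5 logs in and later mistypes a password once.
SAMPLE_LOGS = [
    'type=event subtype=system action=login status=failed user=admin srcip=198.51.100.7 ui=https',
    'type=event subtype=system action=login status=failed user=administrator srcip=198.51.100.7 ui=https',
    'type=event subtype=system action=login status=failed user=fortinet srcip=198.51.100.7 ui=https',
    'type=event subtype=system action=login status=failed user=admin srcip=198.51.100.7 ui=https',
    'type=event subtype=system action=login status=failed user=support srcip=198.51.100.7 ui=https',
    'type=event subtype=system action=login status=success user=admin srcip=198.51.100.7 ui=https',
    'type=event subtype=system action=backup status=success user=admin srcip=198.51.100.7 msg="Configuration backed up"',
    'type=event subtype=system action=login status=success user=netops srcip=10.0.0.5 ui=https',
    'type=event subtype=system action=login status=failed user=netops srcip=10.0.0.5 ui=https',
]

# key=value pairs; values may be double-quoted and contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def analyse(lines, threshold=5):
    """Return findings per source IP that reached `threshold` failed logins.

    Severity is escalated by what happened *after* the failures:
      medium   - failed logins only
      high     - failed logins followed by a successful login
      critical - ... followed by a configuration backup/export
    Events are processed in order, so a success that precedes the failures
    (a legitimate admin who later mistypes) does not escalate.
    """
    state = defaultdict(lambda: {"failed": 0, "users": set(),
                                 "success_after_failures": False,
                                 "config_export": False})
    for line in lines:
        ev = parse_kv(line)
        ip = ev.get("srcip")
        if not ip:
            continue
        s = state[ip]
        if ev.get("action") == "login":
            if ev.get("status") == "failed":
                s["failed"] += 1
                s["users"].add(ev.get("user", "?"))
            elif ev.get("status") == "success" and s["failed"] > 0:
                s["success_after_failures"] = True
        elif ev.get("action") == "backup" and s["success_after_failures"]:
            s["config_export"] = True

    findings = {}
    for ip, s in state.items():
        if s["failed"] < threshold:
            continue
        if s["config_export"]:
            severity = "critical"
        elif s["success_after_failures"]:
            severity = "high"
        else:
            severity = "medium"
        findings[ip] = {"severity": severity, "failed": s["failed"],
                        "distinct_users": sorted(s["users"])}
    return findings


if __name__ == "__main__":
    for ip, f in analyse(SAMPLE_LOGS).items():
        print(f"{ip}: {f['severity']} - {f['failed']} failed logins "
              f"as {', '.join(f['distinct_users'])}")
```

The threshold should sit below the device's own lockout limit so that an attacker who paces attempts to avoid lockout is still seen, and the `ui` field (which interface the login arrived on) is the natural pivot for the underlying fix: management logins arriving from the internet-facing interface at all are the finding, regardless of outcome.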
Source: The Register