Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Summary
A Russian-speaking hacker used commercial generative AI services (AI systems that create new content based on patterns in training data) to compromise over 600 Fortinet FortiGate firewalls and steal credentials from hundreds of organizations. The attack succeeded not because of flaws in the firewall software itself, but because organizations failed to follow basic security practices such as protecting management ports, using strong passwords, and requiring multi-factor authentication (a sign-in that requires more than one form of verification, like a password and a code from your phone).
Solution / Mitigation
Amazon stresses that 'strong defensive fundamentals remain the most effective countermeasure' for similar attacks. These fundamentals include patch management for perimeter devices, credential hygiene, network segmentation, and robust detection of post-exploitation indicators.
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://www.csoonline.com/article/4136198/russian-group-uses-ai-to-exploit-weakly-protected-fortinet-firewalls-says-amazon.html
First tracked: February 23, 2026 at 11:00 PM
Classified by LLM (prompt v3) · confidence: 85%