AI-Assisted Attack Breached 600+ Firewalls in 38 Days: Network Security Steps Every Business Needs Now
Photo by Albert Stoynov on Unsplash
- A financially motivated, Russian-speaking threat actor used commercial generative AI — including DeepSeek and Anthropic's Claude — to compromise more than 600 FortiGate firewall devices across 55+ countries in under six weeks.
- AWS CISO CJ Moses described the attacker as "unsophisticated," yet a custom AI-powered framework called ARXON enabled the campaign to operate at enterprise scale entirely without exploiting any software flaws.
- The attack succeeded by targeting exposed management ports and weak credentials protected only by single passwords — gaps that exist in countless organizations today.
- Fortinet's 2026 Global Threat Landscape Report recorded 7,831 confirmed ransomware victims globally, a 389% year-over-year increase, with AI-enabled cybercrime cited as a primary driver.
What Happened
According to CRN, drawing on a public disclosure published on the AWS Security Blog, Amazon Web Services CISO CJ Moses detailed a sweeping intrusion campaign that ran from January 11 through February 18, 2026 — a span of roughly 38 days. During that window, a single financially motivated threat actor with Russian-language ties managed to breach more than 600 FortiGate firewall devices distributed across 55 or more countries. What set this campaign apart was not the attacker's technical sophistication, but the AI toolkit they assembled to compensate for the skills they lacked.
The actor deployed a custom framework known as ARXON, which was designed to query multiple commercial large language models (LLMs — AI systems trained to generate human-like text, code, and structured plans) including DeepSeek and Anthropic's Claude. ARXON fed reconnaissance data (information gathered by scanning target systems before an attack begins) into these AI services, which returned structured attack plans, command sequences, and tooling recommendations tailored to each identified target. The result was a threat actor operating with the analytical capacity of a seasoned intrusion team at a fraction of the human skill cost.
Critically, no zero-day vulnerabilities (previously unknown software flaws with no available patch) were needed. Every single compromise in this campaign was enabled by two configuration failures: management interfaces left accessible from the public internet and authentication systems protected by nothing more than a single username and password. Moses's decision to publish a detailed threat intelligence report on an active, ongoing campaign is itself significant — major cloud providers rarely release this level of operational detail publicly, signaling that AI-lowered attack barriers warrant broad industry awareness rather than quiet internal handling.
Photo by Patrick Konior on Unsplash
Why It Matters for Your Organization's Security
This incident fundamentally challenges an assumption that many security teams have relied on for years: that large-scale, multi-country intrusion campaigns require advanced, well-resourced adversaries. That assumption is now demonstrably outdated, and the implications for security awareness across all organization sizes are direct and urgent.
Moses articulated the core problem in the AWS Security Blog post: "No exploitation of FortiGate vulnerabilities was observed — instead, this campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale." That framing matters because it shifts the conversation away from zero-days and nation-state sophistication and toward the unglamorous configuration failures that persist in the majority of real-world networks — including those of small and mid-sized businesses.
The volume data reinforces how severe this trend has become. Fortinet's 2026 Global Threat Landscape Report, published April 30, 2026, recorded 7,831 confirmed ransomware victims globally — a 389% year-over-year surge from roughly 1,600 victims in the prior year's equivalent report. The report describes today's cybercrime ecosystem as a fully industrialized, semi-autonomous system in which agentic AI (AI capable of planning and executing multi-step tasks without continuous human direction) drives end-to-end attack lifecycles. This is no longer a future risk scenario — it is documented production activity.
Speed is being compressed at a rate that is outpacing traditional patch management. FortiGuard Intelligence data shows the average time-to-exploit (TTE) for critical vulnerabilities — the window between a flaw being disclosed and threat actors actively weaponizing it — has collapsed to just 24 to 48 hours, down from a prior benchmark of 4.76 days. For organizations running monthly or quarterly patch cycles, that compression represents a serious data protection gap. Attackers are through the door before many organizations have even read the advisory.
For networks with any internet-facing management interface — firewalls, VPN gateways, routers, or network-attached storage — that is not protected by multi-factor authentication, the attack surface described in this campaign is present right now. Cybersecurity best practices have recommended eliminating public-facing administrative access for years. What has changed is the cost of ignoring that guidance: AI frameworks like ARXON can now survey thousands of potential targets simultaneously, automatically flagging the most accessible ones for follow-on exploitation without any human operator reviewing results in real time.
The incident response burden following a firewall-level compromise is also substantial. An attacker with persistent access to a perimeter device can intercept network traffic, pivot laterally into internal systems, deploy ransomware payloads, or quietly exfiltrate sensitive data over days or weeks before any alert fires. The 38-day duration of this campaign strongly suggests that a significant portion of affected organizations had no effective detection layer on their perimeter hardware. Revisiting data protection strategies at the network edge — not just at endpoints — is a direct takeaway from this disclosure.
The AI Angle
The documented use of commercial LLMs across every phase of the ARXON campaign — tool development, reconnaissance analysis, attack planning, and live command generation — marks a qualitative shift in how generative AI is being operationalized as a weapon. This is not theoretical future risk; it is confirmed, published threat intelligence from a production campaign affecting hundreds of organizations.
The defensive side of the AI equation is also maturing. Platforms such as CrowdStrike Falcon and SentinelOne deploy behavioral detection models that analyze endpoint and network telemetry continuously, identifying anomalies that signature-based detection (tools that only recognize previously catalogued attack patterns) would miss entirely. For perimeter-focused threats specifically, network detection and response tools such as Darktrace apply machine learning to traffic flows, building a baseline of normal behavior and surfacing deviations — precisely the kind of detection that would flag an ARXON-style reconnaissance sweep probing management ports at scale.
Security awareness training is evolving to meet this moment as well, with platforms beginning to incorporate AI-assisted attack simulations that prepare teams to recognize the artifacts of automated campaigns rather than only classic, manually operated intrusions. As Moses stated publicly: "As we expect this trend to continue in 2026, organizations should anticipate that AI-augmented threat activity will continue to grow in volume from both skilled and unskilled adversaries."
What Should You Do? 3 Action Steps
Conduct an immediate inventory of every network device in your environment — firewalls, VPN concentrators, routers, switches, and NAS systems — and verify that administrative management interfaces are not reachable from the public internet. Use firewall rules or access control lists (ACLs — rules that define which traffic is allowed or denied) to restrict management access to specific internal IP ranges, or require a VPN connection before any administrative session is permitted. This single configuration change eliminates the primary attack vector used across all 600+ compromises documented in the AWS disclosure. External scanning tools such as Shodan or Censys allow organizations to view their own internet-facing exposure the same way an attacker running ARXON would — running that check proactively is a foundational cybersecurity best practice that costs nothing.
Single-factor authentication — a username and password alone — is no longer an acceptable control for any device with network or administrative significance. Enable MFA (multi-factor authentication, which requires a second verification step such as an app-generated code or hardware key in addition to a password) on all firewalls, VPN gateways, cloud management consoles, and privileged workstations without exception. Authenticator apps such as Microsoft Authenticator or Duo Security provide strong second factors; hardware security keys such as YubiKey offer the highest assurance for the most sensitive access points. For enterprise environments, pairing MFA with a privileged access management (PAM) solution ensures that administrative credentials are also rotated, vaulted, and fully audited. The entire ARXON campaign rested on the absence of this single layer — adding it closes the primary route of entry documented in this incident response case study.
With time-to-exploit for critical vulnerabilities now measured in hours rather than days, monthly patching windows are functionally equivalent to no patching window for high-severity issues on internet-facing infrastructure. Establish a dedicated emergency patching track for critical and high-severity CVEs (Common Vulnerabilities and Exposures — the standardized catalog of publicly known security flaws) targeting a 24- to 48-hour remediation window for perimeter devices. Pair this with active threat intelligence subscriptions: CISA's Known Exploited Vulnerabilities catalog is free and continuously updated, Fortinet's FortiGuard feed provides vendor-specific early warnings, and commercial threat intelligence platforms offer broader coverage. Cybersecurity best practices recommend integrating these feeds directly into your patch prioritization workflow so the highest-risk disclosures automatically escalate to emergency status. For organizations with limited internal security staff, a managed detection and response (MDR) provider can absorb both the monitoring burden and the data protection response function, acting as a real-time early warning system aligned with current threat activity.
Frequently Asked Questions
How can an unsophisticated hacker use commercial AI tools to break into enterprise firewalls?
Commercial generative AI tools — the same LLMs used for writing, coding, and analysis — can be queried to interpret reconnaissance scan data, suggest targeted attack sequences, and generate device-specific command syntax. The ARXON framework documented in the AWS threat intelligence disclosure automated this entire process: it fed data from network scans of exposed FortiGate devices into AI models that returned structured exploitation plans requiring minimal operator expertise to execute. No deep technical background was required on the attacker's side; the AI handled the knowledge translation. This is precisely why security awareness about eliminating exposed management interfaces and enforcing multi-factor authentication matters regardless of who the attacker is — the skills gap that once protected many organizations is now being bridged by readily available AI services.
How do I check whether my organization's firewall is exposed to this type of AI-driven credential attack?
The attack described in the AWS disclosure did not require any software flaw in FortiGate products. It required only two conditions: a management interface reachable from the public internet, and authentication relying solely on a username and password without a second factor. To assess your exposure, verify in your firewall's administrative console that the management interface is bound exclusively to internal network interfaces rather than the WAN (internet-facing) interface. Additionally, search your organization's public IP ranges on Shodan (shodan.io) to see which ports and services are visible externally — the same reconnaissance step an ARXON-equipped attacker would perform. For a comprehensive data protection review, engage a qualified cybersecurity professional to conduct a formal external attack surface assessment and validate your authentication configurations against current threat intelligence on active campaigns.
What exactly is the ARXON framework and how does it integrate AI into the attack lifecycle?
ARXON is the custom intrusion framework used by the threat actor profiled in the AWS Security Blog disclosure. It operates by connecting to multiple commercial large language model APIs — in this documented campaign, including DeepSeek and Anthropic's Claude — to automate the cognitive planning work involved in network intrusions. An operator feeds ARXON reconnaissance data gathered from target network scans, and the framework queries its AI backends to return structured attack plans, tool configurations, and command sequences calibrated to the specific devices identified. In effect, it functions as an AI consultant for attackers, converting raw scan output into actionable step-by-step exploitation guidance. From a threat intelligence perspective, ARXON represents a category of AI-augmented attack framework that security researchers expect to proliferate as commercial LLM APIs become cheaper and more capable, further reducing the technical barrier for financially motivated cybercriminals.
How quickly do organizations need to patch critical vulnerabilities now that AI is accelerating cyberattacks?
FortiGuard Intelligence data from 2026 puts the current average time-to-exploit for critical vulnerabilities at 24 to 48 hours — down sharply from a prior benchmark of 4.76 days. AI-accelerated reconnaissance and automated weaponization tools are the primary drivers of that compression. In practical terms, organizations should treat critical CVEs affecting internet-facing infrastructure as requiring same-business-day or next-business-day patching, not weekly or monthly cycles. This means establishing a tiered patch management process: critical vulnerabilities on perimeter devices trigger an emergency track with immediate escalation to the team responsible for incident response, while lower-severity issues follow standard cycles. Automated patch management solutions integrated with threat intelligence feeds — such as those from CISA or your vendor's security advisory service — can help prioritize and accelerate deployment decisions without requiring manual triage of every published advisory.
What cybersecurity best practices protect small businesses from AI-powered large-scale hacking campaigns?
Small businesses face the same exposed attack surface as enterprises but typically without dedicated security operations staff to monitor and respond. The highest-impact cybersecurity best practices in the current AI threat environment are: first, remove all administrative management interfaces for routers, firewalls, and storage devices from public internet accessibility — this eliminates the exact attack vector used in the FortiGate campaign at no additional cost; second, enable multi-factor authentication on every login that matters, including cloud service consoles, VPN access, email platforms, and any device with administrative capabilities; third, subscribe to at least one active threat intelligence source such as CISA's free alerts or your hardware vendor's security bulletins to receive early warning before active exploitation campaigns reach your infrastructure; and fourth, establish a basic incident response plan that specifies who is contacted, what systems are isolated, and what external resources are engaged if a compromise is detected. Managed security service providers (MSSPs) bundle monitoring, threat intelligence, and data protection response capabilities at price points scaled for small and mid-sized organizations, and represent a practical option for businesses that cannot staff these functions internally.
Disclaimer: This article is for informational purposes only and does not constitute professional security consulting advice. Always consult with a qualified cybersecurity professional for your specific needs.
Get NewsLens — All 8 Channels in One App
AI-powered news with action steps. Install free, works offline.
No comments:
Post a Comment