Cyberattacks orchestrated by a Russian-speaking group have impacted organizations in 55 countries, exploiting vulnerabilities in misconfigured firewalls. Research from Amazon Web Services (AWS) indicates that between January 11 and February 18, more than 600 Fortinet FortiGate devices were compromised without any technical vulnerabilities being exploited.
The attackers capitalized on weak credentials protected solely by single-factor authentication, targeting organizations through exposed management ports. CJ Moses, Chief Information Security Officer at AWS, emphasized that these individuals or small groups leveraged generative AI tools to execute well-known attack methods, showcasing their operational efficiency despite limited technical expertise.
The techniques employed included breaching Active Directory environments, stealing password databases, and attempts to infect backup systems, suggesting a potential for ransomware attacks. AWS has clarified that there is no connection between this group and the Russian government, describing their behavior as opportunistic. The report highlights the risks posed by less sophisticated hackers, particularly against organizations utilizing vulnerable devices like FortiGate firewalls, whose configuration files contain critical information.