Over the past five weeks, a small but highly coordinated group of hackers has breached more than 600 firewalls in dozens of countries—leveraging widely available artificial intelligence tools to accelerate and scale their attacks, according to new security research from Amazon.com Inc..
The hackers—possibly a small crew or even a lone operator—used commercial generative AI services to rapidly exploit weak security controls, including basic login credentials and single-factor authentication, according to the company’s report. What once would have required a larger, highly skilled team was executed with startling speed and efficiency.
The Russian-speaking attackers used their foothold in security devices spanning 55 countries to push deeper into select victims’ networks, activity that strongly suggested the early stages of coordinated ransomware campaigns, the report said.
The sweeping breaches—described by Amazon.com Inc. as financially driven—underscore a troubling new reality: hackers are increasingly turning to artificial intelligence to streamline, accelerate, and scale their cyberattacks with unprecedented efficiency.
"It’s like an AI-powered assembly line for cybercrime, helping less skilled workers produce at scale," said CJ Moses, who oversees security engineering and operations at Amazon.com Inc., in the report.
The document does not disclose which AI tools were used, nor does it identify the organizations targeted—details that add another layer of unease to an already alarming trend.
Researchers believe the hackers took an opportunistic approach, zeroing in on firewalls with weak protections rather than singling out specific industries, the report said.
The compromised devices were scattered across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia—underscoring just how far and fast the campaign was able to spread.
When the attackers ran into stronger defenses, they didn’t dig in—they simply pivoted to easier targets, Moses said. And once inside a network, they “largely failed when attempting to exploit anything beyond the most straightforward, automated attack paths,” according to the report—suggesting their AI-fueled efficiency had clear limits when faced with layered, well-configured security.
Last year, a hacker exploited technology developed by Anthropic PBC as part of a sweeping cybercrime operation that affected at least 17 organizations, the company said—calling it an “unprecedented” case of attackers weaponizing a commercially available artificial intelligence tool at scale.
Amazon.com Inc. warns that this is likely just the beginning—and expects more AI-driven cyberattacks to follow.
“Organizations should anticipate that AI-augmented threat activity will continue to grow in volume from both skilled and unskilled adversaries,” Moses said.
