AI-Assisted Threat Actor Damages 600+ FortiGate Devices in 55 Countries

A Russian-speaking, financially motivated threat actor has been spotted using commercial artificial intelligence (AI) services to compromise more than 600 FortiGate devices located in 55 countries.
That’s according to new findings from Amazon Threat Intelligence, which says it saw activity between January 11 and February 18, 2026.
“No exploits of the FortiGate vulnerability were observed—instead, this campaign succeeded by exploiting exposed management ports and weak credentials through single-factor authentication, basic security gaps that AI helped an unintelligent actor exploit at a high level,” said CJ Moses, Chief Information Security Officer (CISO) of Amazon Integrated Security.
The tech giant described the threat actor as having limited technical capabilities, an obstacle they overcome by relying on many commercially available AI tools to implement various stages of the attack cycle, such as tool development, attack planning, and command generation.
While one AI tool serves as the main operational backbone, attackers also rely on a second AI tool as a fallback to help navigate within a particular vulnerable network. The names of the AI tools were not disclosed.
The threat actor is assessed to be financially motivated and not associated with any advanced persistent threat (APT) group or state-sponsored resources. As recently highlighted by Google, AI productivity tools are widely used by threat actors to standardize and accelerate their operations, even if the tools do not give them novel uses of the technology.
If anything, the emergence of AI tools shows that capabilities previously out of reach for novice or technically limited threat actors are becoming increasingly accessible, further lowering the barrier to entry for cybercriminals and enabling them to come up with new ways to attack.
“It’s possible that they’re financially motivated or a small group, with the boost of AI, they’ve achieved a level of performance that would have required a much larger and more skilled group,” Moses said.
Amazon’s investigation into the threat actor’s activity revealed that they successfully compromised the Active Directory environments of multiple organizations, exfiltrated data, and targeted backup infrastructure, a pattern consistent with preparation for ransomware deployment.
What is notable here is that instead of devising ways to persist in a hardened environment or in one with mature security controls, the threat actor simply abandoned such targets and moved on to softer victims. This points to AI being used to bridge a skills gap through easy target selection rather than through sophisticated intrusion.
Amazon said it identified publicly accessible infrastructure owned by the attackers that hosted various artifacts related to the campaign. These include AI-generated attack scripts, victim profiles, and source code for custom tools. The entire modus operandi resembles an “AI-powered assembly line for cybercrime,” the company added.
At its core, the attack enabled the threat actor to compromise the FortiGate appliances and extract each device’s full configuration, making it possible to glean credentials, network topology information, and device configuration details.
This involved systematic scanning for FortiGate management interfaces exposed to the network on ports 443, 8443, 10443, and 4443, followed by authentication attempts using commonly reused credentials. The activity was industrial in scale, with large numbers of automated scans of exposed devices originating from the IP address 212.11.64[.]250.
The stolen data was then used to infiltrate target networks and perform post-exploitation activities, including vulnerability scanning with Nuclei, Active Directory compromise, data harvesting, and attempts to access backup infrastructure, all consistent with typical ransomware precursor activity.
Data collected by Amazon shows that the scanning activity led to organization-level compromise, with multiple FortiGate devices belonging to the same enterprise being accessed. Victims have been identified across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia.
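The credential attacks against exposed management ports described above leave a recognisable trail in the firewall’s own admin-login events. The following script is an added example, not code from the Amazon report or from Fortinet: it parses key=value event lines, counts failed administrator logins per source IP on the four ports named in the campaign, and reports any source that also achieved a successful login, which is the case that merits the investigation of unauthorized administrative access recommended later in the article. The log lines are constructed, and the field names (logdesc, user, srcip, dstport, status) are assumptions for this example rather than verbatim vendor output.

```python
import re
from collections import defaultdict

# Management ports the campaign probed, per the Amazon write-up.
MGMT_PORTS = {443, 8443, 10443, 4443}

# Constructed sample events in FortiGate-like key=value syntax. The field
# names (logdesc, user, srcip, dstport, status) are assumptions for this
# example, not verbatim vendor output; adapt them to your own log schema.
SAMPLE_LOG = """\
date=2026-01-15 time=09:00:01 logdesc="Admin login failed" user="admin" srcip=198.51.100.7 dstport=443 status="failed"
date=2026-01-15 time=09:00:02 logdesc="Admin login failed" user="admin" srcip=198.51.100.7 dstport=8443 status="failed"
date=2026-01-15 time=09:00:03 logdesc="Admin login failed" user="administrator" srcip=198.51.100.7 dstport=10443 status="failed"
date=2026-01-15 time=09:00:04 logdesc="Admin login failed" user="admin" srcip=198.51.100.7 dstport=10443 status="failed"
date=2026-01-15 time=09:00:05 logdesc="Admin login successful" user="admin" srcip=198.51.100.7 dstport=10443 status="success"
date=2026-01-15 time=09:10:00 logdesc="Admin login failed" user="ops" srcip=203.0.113.9 dstport=443 status="failed"
date=2026-01-15 time=09:10:05 logdesc="Admin login successful" user="ops" srcip=203.0.113.9 dstport=443 status="success"
date=2026-01-15 time=09:11:00 logdesc="System reboot" srcip=203.0.113.9 status="success"
"""

# key=value pairs; values are either a double-quoted string or a bare token.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_line(line):
    """Split one key=value event line into a dict, unquoting quoted values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def find_password_spraying(log_text, fail_threshold=3):
    """Return sources with at least fail_threshold failed admin logins on management
    ports, with the ports and usernames they tried and any successful logins."""
    failures = defaultdict(int)
    ports = defaultdict(set)
    users = defaultdict(set)
    successes = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev.get("logdesc", "").startswith("Admin login"):
            continue  # only admin-interface authentication events matter here
        if not ev.get("dstport", "").isdigit() or int(ev["dstport"]) not in MGMT_PORTS:
            continue
        src = ev.get("srcip", "unknown")
        if ev.get("status") == "failed":
            failures[src] += 1
            ports[src].add(int(ev["dstport"]))
            users[src].add(ev.get("user", "unknown"))
        elif ev.get("status") == "success":
            successes[src].append(ev.get("user", "unknown"))
    return [
        {"srcip": src, "failures": n, "ports": sorted(ports[src]),
         "users": sorted(users[src]), "successful_logins": successes[src]}
        for src, n in sorted(failures.items()) if n >= fail_threshold
    ]

if __name__ == "__main__":
    for hit in find_password_spraying(SAMPLE_LOG):
        print(hit)
```

A source that appears in the output with a non-empty successful_logins list should be treated as a likely compromised administrator account rather than a mere failed attempt.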
“After gaining VPN access to the victim’s networks, the threat actor uses a custom inspection tool, with different versions written in both Go and Python,” the company said.
“Analysis of the source code reveals clear indications of AI-assisted development: unnecessary comments that repeat function names, simple structure and disproportionate investment in overhead formatting, empty JSON parsing with string matching instead of proper parsing, and built-in language compatibility with empty text strings.”
Some of the steps taken by the threat actor following the scanning phase are listed below –
- Extracting domain credentials with DCSync attacks.
- Pass-the-hash/pass-the-ticket attacks, NTLM relay attacks, and remote command execution on Windows hosts.
- Targeting Veeam Backup & Replication servers with validation tools and programs intended to exploit known Veeam vulnerabilities (e.g., CVE-2023-27532 and CVE-2024-40711).
Another notable finding is the threat actor’s pattern of repeatedly failing whenever they attempted anything beyond “highly targeted, automated attack methods,” with their own notes recording that the targets had gone offline, had closed the necessary ports, or offered nothing to exploit.
As Fortinet appliances are becoming an attractive target for threat actors, it is important for organizations to ensure that administrative interfaces are not exposed to the Internet, change default and common credentials, rotate SSL-VPN user credentials, use multi-factor authentication to control VPN access, and investigate unauthorized administrative accounts or connections.
It’s also important to isolate backup servers from regular network access, ensure all software programs are up-to-date, and check for unintended network exposure.
“As we expect this trend to continue into 2026, organizations should expect that AI-augmented threat activity will continue to grow in number from both skilled and unskilled adversaries,” Moses said. “Strong defense foundations remain the most effective countermeasures: patch management of perimeter devices, clean authentication, network isolation, and robust detection of post-exploitation indicators.”