AI-powered campaign compromises 600 FortiGate systems worldwide
Publish Date: 2026-02-23 05:39:00
Source Domain: securityaffairs.com
Pierluigi Paganini
February 23, 2026

A Russian-speaking cybercriminal used commercial generative AI tools to hack over 600 FortiGate devices across 55 countries.
Amazon Threat Intelligence reports that a Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise more than 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, highlights how cybercriminals are increasingly leveraging AI tools to scale and automate attacks against exposed network infrastructure worldwide.
The attacker did not exploit any FortiGate vulnerabilities. Instead, the threat actor abused exposed management ports and weak single-factor credentials.
“Amazon Threat Intelligence observed a Russian-speaking financially motivated threat actor leveraging multiple commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries from January 11 to February 18, 2026,” reads the report published by Amazon. “No exploitation of FortiGate vulnerabilities was observed—instead, this campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale.”
Researchers found the actor used multiple commercial GenAI tools to automate and scale familiar attack techniques, despite limited skills.
During routine monitoring, Amazon experts uncovered infrastructure hosting the attacker’s tools, along with AI-generated attack plans, victim configs, and custom code, offering rare insight into an AI-driven workflow. The actor scanned the Internet for exposed FortiGate management ports, abused weak credentials, and stole full configurations containing VPN, admin, and network data.
“Following VPN…