AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

• A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries.
• That’s according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026.
• “No exploitation of FortiGate vulnerabilities was observed - instead, this campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale,” CJ Moses, Chief Information Security Officer (CISO) of Amazon Integrated Security, said in a report.
• The tech giant described the threat actor as having limited technical capabilities, a constraint they overcame by relying on multiple commercial generative AI tools to implement various phases of the attack cycle, such as tool development, attack planning, and command generation.
• While one AI tool served as the primary backbone of the operation, the attackers also relied on a second AI tool as a fallback to assist with pivoting within a specific compromised network.
• The names of the AI tools were not disclosed.
Article Summaries:
- Amazon’s threat‑intelligence team reports that a financially motivated, Russian‑speaking actor used commercial generative AI tools to compromise more than 600 FortiGate firewalls in 55 countries between Jan 11 and Feb 18, 2026. The campaign exploited exposed management ports (443, 8443, 10443, 4443) and weak, single‑factor credentials, rather than any FortiGate vulnerability. AI aided the attackers in tool creation, attack planning, and command generation, with a secondary AI tool used for network pivoting. The actors extracted Active Directory data, backup infrastructure, and full device configurations, likely in preparation for ransomware, demonstrating how AI lowers the barrier for cybercrime.
Sources:
- https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html (Latest source article published: 2026-02-21 14:49 UTC)