A financially motivated threat actor exploited various commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries between January 11 and February 18, 2026.
The campaign marks a defining demonstration of how AI is lowering the technical entry barrier to offensive cyber operations, enabling a low- to medium-skilled individual or small group to execute attacks at a scale that previously required a significantly larger, more skilled team.
The threat actor’s initial access relied entirely on credential-based exploitation of FortiGate management interfaces exposed to the internet; no zero-day vulnerabilities or novel techniques were involved.
Through systematic scanning across ports 443, 8443, 10443, and 4443, the attacker identified appliances running weak or reused credentials with single-factor authentication.
Extracted FortiGate configuration files proved to be high-value targets, containing SSL-VPN user credentials with recoverable passwords, administrative credentials, complete network topology data, IPsec VPN peer configurations, and firewall policies revealing internal architecture.
These configurations were parsed, decrypted, and organized using AI-assisted Python scripts, enabling efficient large-scale credential harvesting.
Targeting was opportunistic rather than sector-specific, consistent with automated mass scanning. However, Amazon Threat Intelligence identified organizational-level compromise patterns where multiple FortiGate devices belonging to the same entity were accessed, including clusters associated with managed service provider deployments.
Concentrations of compromised devices were observed across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia.
AI as the Operational Backbone
Amazon Threat Intelligence confirmed the threat actor relied on at least two distinct commercial large language model providers across every phase of operations.
One LLM acted as the primary tool developer and attack planner, while a second served as a supplementary assistant for pivoting within compromised networks.
In one documented instance, the actor submitted a complete victim network topology, including IP addresses, hostnames, active credentials, and identified services, directly into an AI service and requested step-by-step lateral movement guidance.
Amazon analysts characterized the operation as an “AI-powered assembly line for cybercrime.”
Post-exploitation activity followed a structured methodology. The actor deployed Meterpreter with the Mimikatz module to perform DCSync attacks against domain controllers, successfully extracting complete NTLM credential databases from multiple Active Directory environments.
In at least one confirmed compromise, the Domain Administrator account used a plaintext password either reused from the FortiGate configuration or independently weak.
Lateral movement was conducted through pass-the-hash, pass-the-ticket, and NTLM relay attacks. Veeam Backup & Replication servers were specifically targeted using PowerShell scripts and compiled decryption tools, as compromising backup infrastructure positions the actor to destroy recovery capabilities ahead of ransomware deployment.
Despite the scale, Amazon’s analysis revealed consistent skill limitations. The threat actor repeatedly failed against hardened environments, as documented in their own operational notes, and abandoned targets with effective defenses rather than persisting, a pattern confirming that their advantage lies in AI-augmented efficiency and volume, not technical depth.
Their AI-generated reconnaissance framework, written in Go and Python, exhibited hallmarks of unsophisticated development: redundant comments restating function names, naive JSON parsing via string matching, and empty documentation stubs.
| CVE ID | Affected Product | CVSS Score | Description |
|---|---|---|---|
| CVE-2019-7192 | FortiOS | 9.8 | Path traversal allowing unauthenticated credential access |
| CVE-2023-27532 | Veeam Backup & Replication | 7.5 | Unauthenticated API access for credential extraction |
| CVE-2024-40711 | Veeam Backup & Replication | 9.8 | Remote Code Execution via deserialization flaw |
Amazon responded by sharing indicators of compromise with relevant industry partners to coordinate disruption across affected countries.
Organizations running FortiGate appliances should immediately remove management interfaces from internet exposure, enforce multi-factor authentication for all VPN and administrative access, rotate SSL-VPN and administrative credentials, and audit Active Directory for DCSync activity (Event ID 4662).
Given this campaign’s reliance on legitimate open-source tools, including Impacket, gogo, and Nuclei, behavioral detection is strongly recommended over traditional signature-based IOC approaches: monitor for anomalous VPN authentication patterns, unexpected Active Directory replication, and unauthorized PowerShell module loading on backup servers.
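One way to turn the Event ID 4662 audit in the guidance above into detection logic, as an added example that is not from the original article or from Amazon: it takes parsed 4662 records as dicts (constructed sample data, with a hypothetical domain CORP and domain controller DC01) and flags any principal other than a known domain controller that exercised a directory replication right, which is what a DCSync request does.

```python
import re

# Extended-rights GUIDs that grant directory replication; these are the rights
# that a DCSync request exercises and that Event ID 4662 records in Properties.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
GUID_RE = re.compile(r"\{([0-9a-fA-F-]{36})\}")


def is_expected_replicator(account, dc_hostnames):
    """Domain controllers replicate with each other under their machine accounts (HOST$)."""
    return account.endswith("$") and account[:-1].upper() in {h.upper() for h in dc_hostnames}


def find_dcsync(events, dc_hostnames):
    """Return 4662 events where a non-DC principal exercised a replication right."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        guids = {g.lower() for g in GUID_RE.findall(ev.get("Properties", ""))}
        rights = sorted(REPLICATION_RIGHTS[g] for g in guids if g in REPLICATION_RIGHTS)
        if not rights or is_expected_replicator(ev["SubjectUserName"], dc_hostnames):
            continue
        hits.append({"account": ev["SubjectUserName"], "domain": ev["SubjectDomainName"],
                     "object": ev.get("ObjectName", ""), "rights": rights})
    return hits


# Constructed sample events (hypothetical domain CORP, DC host DC01), not real telemetry.
# The second and third records also carry non-replication GUIDs, which must be ignored.
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "DC01$", "SubjectDomainName": "CORP",
     "ObjectName": "DC=corp,DC=local",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "svc_backup", "SubjectDomainName": "CORP",
     "ObjectName": "DC=corp,DC=local",
     "Properties": "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2} {19195a5b-6da0-11d0-afd3-00c04fd930c9}"},
    {"EventID": 4662, "SubjectUserName": "jsmith", "SubjectDomainName": "CORP",
     "ObjectName": "CN=jsmith,CN=Users,DC=corp,DC=local",
     "Properties": "{bf967aba-0de6-11d0-a285-00aa003049e2}"},
]

if __name__ == "__main__":
    for hit in find_dcsync(SAMPLE_EVENTS, ["DC01"]):
        print(f"DCSync suspect: {hit['domain']}\\{hit['account']} used {hit['rights']} on {hit['object']}")
```

Event 4662 is only generated when the Audit Directory Service Access subcategory is enabled and a SACL on the domain object audits the replication extended rights, so confirm that auditing is in place before relying on this check.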
IOCs
| IOC Value | IOC Type | First Seen | Last Seen | Annotation |
|---|---|---|---|---|
| 212[.]11[.]64[.]250 | IPv4 | Jan 11, 2026 | Feb 18, 2026 | Threat actor infrastructure used for scanning and exploitation operations |
| 185[.]196[.]11[.]225 | IPv4 | Jan 11, 2026 | Feb 18, 2026 | Threat actor infrastructure used for threat operations |
The post Hackers Leveraging Multiple AI Services to Compromise 600+ FortiGate Devices appeared first on Cyber Security News.