
Russian-speaking, financially motivated attackers have been observed leveraging commercial generative artificial intelligence (AI) services to compromise more than 600 FortiGate devices in 55 countries.
This is according to new findings from Amazon Threat Intelligence, which observed activity from January 11, 2026 to February 18, 2026.
CJ Moses, chief information security officer (CISO) at Amazon Integrated Security, said in the report, “We did not observe any exploitation of the FortiGate vulnerability. Instead, this campaign succeeded by exploiting exposed management ports and weak credentials through single-factor authentication. These fundamental security gaps were helped by AI to exploit at scale by unsophisticated attackers.”
The tech giant explained that the threat actors have limited technical capabilities and overcame them by relying on multiple commercial generative AI tools for various stages of the attack cycle, including tool development, attack planning, and command generation.
While one AI tool served as the primary backbone of the operation, the attackers also relied on a second AI tool as a fallback and to help pivot within specific compromised networks. The names of the AI tools have not been disclosed.
This actor is assessed to be financially motivated and not associated with state-sponsored advanced persistent threat (APT) groups. As Google recently highlighted, generative AI tools are increasingly being adopted by attackers to scale and accelerate their operations, even though they are not finding genuinely new uses for the technology.
Rather, the emergence of AI tools means that capabilities once out of reach for novice or less skilled attackers are increasingly within reach, lowering the barrier to entry for cybercriminals and letting them assemble workable attack methods.
“They are likely economically motivated individuals or small groups who, through the enhancement of AI, have achieved operational scale that previously would have required much larger and more skilled teams,” Moses said.
Amazon’s investigation into the attacker’s activities revealed that the attacker compromised multiple organizations’ Active Directory environments, extracted complete credential databases, and even penetrated the targets’ backup infrastructure prior to deploying the ransomware.
What is notable here is that, rather than devising a way to persist within a hardened environment or one with advanced security controls, the attackers abandoned such targets entirely and moved on to softer victims. This suggests AI is being used to close the skills gap just far enough to harvest easy targets at scale, not to defeat mature defenses.
Amazon said it has identified publicly accessible infrastructure controlled by the attackers that was hosting various artifacts related to the campaign. This includes AI-generated attack plans, victim configurations, and source code for custom tools. The overall modus operandi resembles an “AI-powered cybercrime assembly line,” the company added.
At the core of the attack, the attackers compromised the FortiGate appliance and extracted its complete configuration, which yielded credentials, network topology details, and other device settings.
This began with systematic scanning for FortiGate management interfaces exposed to the internet on ports 443, 8443, 10443, and 4443, followed by attempts to authenticate using commonly reused credentials. The activity was sector-agnostic and amounted to automated mass scanning of exposed appliances. The scanning originated from the IP address 212.11.64[.]250.
The stolen data was then used to penetrate deep into the target's network and perform post-exploitation activities such as reconnaissance, vulnerability scanning using Nuclei, Active Directory compromise, credential capture, and access to backup infrastructure, in line with typical ransomware operations.
According to data collected by Amazon, the scanning activity led to organization-level compromises, with access to multiple FortiGate devices belonging to the same entity. Compromised clusters have been detected across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia.
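The scanning pattern described above (one source, several management ports, a short list of reused usernames, then a success) is what a defender should be able to pull out of the appliance's own admin-login events. The script below is an added example, not code from the Amazon report or from Fortinet: it parses FortiOS-style key=value event lines and flags a source that sprays credentials across multiple usernames or management ports, then flags any later successful login from that same source. The log lines, field names, thresholds and IP addresses are constructed assumptions for the example.

```python
"""Added example (not from the Amazon report): spot credential guessing against
FortiGate management interfaces in FortiOS admin-login event logs.

Assumptions not stated on the page: the log source is FortiOS key=value event
lines carrying srcip, dstport, user, action and status fields; the thresholds
are arbitrary starting points. Every log line below is a constructed sample.
"""
import re
from collections import defaultdict

# Management ports the article says were scanned.
MGMT_PORTS = {443, 8443, 10443, 4443}

# Constructed sample lines in FortiOS key="value" style (not real device output).
# 203.0.113.250 fails against several ports and usernames, then gets in as admin;
# 10.0.0.7 is a LAN user mistyping a password once.
SAMPLE_LOG = """\
date=2026-01-12 time=03:14:07 type="event" subtype="system" level="alert" action="login" status="failed" reason="passwd_invalid" user="admin" method="https" srcip=203.0.113.250 dstip=198.51.100.10 dstport=443
date=2026-01-12 time=03:14:09 type="event" subtype="system" level="alert" action="login" status="failed" reason="passwd_invalid" user="admin" method="https" srcip=203.0.113.250 dstip=198.51.100.10 dstport=8443
date=2026-01-12 time=03:14:11 type="event" subtype="system" level="alert" action="login" status="failed" reason="name_invalid" user="fortinet" method="https" srcip=203.0.113.250 dstip=198.51.100.10 dstport=10443
date=2026-01-12 time=03:14:13 type="event" subtype="system" level="information" action="login" status="success" user="admin" method="https" srcip=203.0.113.250 dstip=198.51.100.10 dstport=4443
date=2026-01-12 time=08:02:41 type="event" subtype="system" level="alert" action="login" status="failed" reason="passwd_invalid" user="jdoe" method="https" srcip=10.0.0.7 dstip=10.0.0.1 dstport=443
date=2026-01-12 time=08:02:55 type="event" subtype="system" level="information" action="login" status="success" user="jdoe" method="https" srcip=10.0.0.7 dstip=10.0.0.1 dstport=443
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one FortiOS log line into a dict of string fields."""
    return {k: (quoted or bare) for k, quoted, bare in KV_RE.findall(line)}


def detect(lines, fail_threshold=3):
    """Return findings, one dict per (srcip, pattern).

    'spray'         : >= fail_threshold failed admin logins from one source that
                      touch more than one username or more than one management port.
    'spray_success' : a successful login from a source already flagged as
                      spraying, i.e. a guessed credential worked.
    A single failure followed by a success (a typo) is deliberately not flagged.
    """
    fails = defaultdict(list)      # srcip -> [(user, dstport), ...]
    successes = defaultdict(list)  # srcip -> [(user, dstport), ...]
    for raw in lines:
        ev = parse_line(raw)
        if ev.get("action") != "login" or "srcip" not in ev:
            continue
        rec = (ev.get("user", "?"), int(ev.get("dstport", "0")))
        if ev.get("status") == "failed":
            fails[ev["srcip"]].append(rec)
        elif ev.get("status") == "success":
            successes[ev["srcip"]].append(rec)

    findings = []
    for ip, attempts in fails.items():
        users = sorted({u for u, _ in attempts})
        ports = sorted({p for _, p in attempts} & MGMT_PORTS)
        spraying = len(attempts) >= fail_threshold and (len(users) > 1 or len(ports) > 1)
        if not spraying:
            continue
        findings.append({"srcip": ip, "pattern": "spray",
                         "failures": len(attempts), "users": users, "ports": ports})
        if ip in successes:
            findings.append({"srcip": ip, "pattern": "spray_success",
                             "users": sorted({u for u, _ in successes[ip]}),
                             "ports": sorted({p for _, p in successes[ip]})})
    return findings


def analyze_sample():
    """Run the detector over the constructed sample log."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for finding in analyze_sample():
        print(finding)
```

The detector keys on the source address rather than the username on purpose: a spray that rotates through a handful of common admin names still collapses onto one source, and requiring the same source to be spraying before a success is escalated keeps ordinary typos out of the alert queue.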
“After gaining VPN access to the victim’s network, the attacker deploys different versions of custom reconnaissance tools written in both Go and Python,” the company said.
“Analysis of the source code revealed clear signs of AI-assisted development: redundant comments that simply restate function names, a simplified architecture with a disproportionate investment in format over functionality, simple JSON parsing with string matching rather than proper deserialization, and built-in language compatibility shims with empty documentation stubs.”
Here are some of the other steps threat actors take after the reconnaissance phase:
- Compromise the domain via a DCSync attack.
- Move laterally through the network using pass-the-hash/pass-the-ticket attacks, NTLM relay attacks, and remote command execution on Windows hosts.
- Target Veeam Backup & Replication servers, deploying credential harvesting tools and programs designed to exploit known Veeam vulnerabilities, such as CVE-2023-27532 and CVE-2024-40711.
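DCSync, the first step in that list, is the one with the cleanest detection signal: a principal that is not a domain controller asks the directory for replication, which Windows records as a Security event ID 4662 whose Properties field carries the replication control-access-right GUIDs. The following script is an added example, not code from the Amazon report; it runs that check over a few constructed 4662 records (field subset only) and assumes the caller supplies the list of accounts that are legitimately allowed to replicate (the domain controllers' computer accounts and a directory-sync service account).

```python
"""Added example (not from the Amazon report): flag DCSync-style replication
requests in Windows Security event ID 4662 records.

Assumptions not stated on the page: events have already been parsed into dicts
with the 4662 fields SubjectUserName, SubjectDomainName, ObjectType and
Properties; the set of accounts allowed to replicate is supplied by the caller.
All events below are constructed samples.
"""
import re

# Control-access-right GUIDs asserted by a directory replication request.
# Get-Changes-All is the one that returns password hashes, so a non-DC
# principal holding it is the DCSync case.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}

GUID_RE = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")

# Constructed sample 4662 events (only the fields the check needs).
SAMPLE_EVENTS = [
    {   # normal replication by a domain controller: expected
        "SubjectUserName": "DC02$", "SubjectDomainName": "CORP",
        "ObjectType": "%{19195a5b-6da0-11d0-afd3-00c04fd930c9}",
        "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}",
    },
    {   # a service account pulling every secret: DCSync
        "SubjectUserName": "svc_backup", "SubjectDomainName": "CORP",
        "ObjectType": "%{19195a5b-6da0-11d0-afd3-00c04fd930c9}",
        "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}",
    },
    {   # ordinary object access, no replication rights involved
        "SubjectUserName": "jdoe", "SubjectDomainName": "CORP",
        "ObjectType": "%{bf967aba-0de6-11d0-a285-00aa003049e2}",
        "Properties": "{bf967a86-0de6-11d0-a285-00aa003049e2}",
    },
    {   # directory-sync service account that is on the allow list
        "SubjectUserName": "MSOL_3f2a1b", "SubjectDomainName": "CORP",
        "ObjectType": "%{19195a5b-6da0-11d0-afd3-00c04fd930c9}",
        "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}",
    },
]


def replication_rights(event):
    """Names of the replication rights asserted in the event's Properties field."""
    guids = {g.lower() for g in GUID_RE.findall(event.get("Properties", ""))}
    return sorted(REPLICATION_RIGHTS[g] for g in guids if g in REPLICATION_RIGHTS)


def find_dcsync(events, allowed_accounts):
    """Return one finding per event in which a principal outside allowed_accounts
    requests directory replication. Severity is 'high' when Get-Changes-All is
    present (secrets can be pulled), 'medium' otherwise."""
    allowed = {a.upper() for a in allowed_accounts}
    findings = []
    for ev in events:
        rights = replication_rights(ev)
        if not rights:
            continue
        if ev.get("SubjectUserName", "").upper() in allowed:
            continue
        subject = f"{ev.get('SubjectDomainName', '')}\\{ev.get('SubjectUserName', '')}"
        severity = "high" if "DS-Replication-Get-Changes-All" in rights else "medium"
        findings.append({"subject": subject, "rights": rights, "severity": severity})
    return findings


def analyze_sample():
    """Run the check over the constructed events with a constructed allow list."""
    return find_dcsync(SAMPLE_EVENTS, {"DC01$", "DC02$", "MSOL_3f2a1b"})


if __name__ == "__main__":
    for finding in analyze_sample():
        print(finding)
```

The allow list is the part that needs care in practice: domain controllers replicate constantly, and directory-synchronisation products legitimately hold these rights, so the check has to be anchored on a maintained list of principals rather than on the GUIDs alone.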
Another notable finding is a pattern of repeated failures whenever the attackers tried anything beyond the "simplest, automated attack vectors," with their own documentation noting that targets had either patched the service, closed the required ports, or offered no vulnerable exploitation vector.
With Fortinet appliances becoming attractive targets for threat actors, it is important for organizations to ensure that management interfaces are not exposed to the Internet, change default and common credentials, rotate SSL-VPN user credentials, implement multi-factor authentication for management and VPN access, and audit unauthorized management accounts or connections.
It’s also important to isolate backup servers from general network access, ensure all software programs are up to date, and monitor for unintended network exposure.
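Several of the recommendations above (no management interfaces on the internet, multi-factor authentication for management access, auditing for unauthorized administrator accounts) can be checked directly against a FortiGate configuration backup, the same artifact the attackers exfiltrated. The script below is an added example, not code from the Amazon report or from Fortinet: it parses the plain-text FortiOS config format and reports admin accounts missing trusthost or two-factor settings, admin accounts outside an expected list, and WAN-role interfaces with management protocols enabled. The sample configuration and the expected-admin list are constructed assumptions for the example.

```python
"""Added example (not from the Amazon report or Fortinet): audit a FortiOS
configuration backup for the exposures the article describes.

Assumptions not stated on the page: input is the plain-text 'config ... edit ...
set ... next ... end' format of a FortiOS backup; the expected-admin list is
supplied by the caller. The configuration below is a constructed sample.
"""
import shlex

# Constructed sample: 'admin' is locked down, 'backupadmin' is not, and wan1
# exposes HTTPS and SSH management to the internet.
SAMPLE_CONFIG = """\
config system global
    set admin-sport 443
end
config system admin
    edit "admin"
        set trusthost1 10.0.0.0 255.255.255.0
        set accprofile "super_admin"
        set vdom "root"
        set two-factor fortitoken
    next
    edit "backupadmin"
        set accprofile "super_admin"
        set vdom "root"
    next
end
config system interface
    edit "wan1"
        set vdom "root"
        set ip 203.0.113.5 255.255.255.0
        set allowaccess ping https ssh
        set role wan
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "internal"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh
        set role lan
    next
end
"""


def parse_fortios(text):
    """Parse FortiOS CLI text into nested dicts.

    Sections are keyed 'config <name>'; each maps entry name -> {key: [values]}.
    Settings outside any 'edit' block live under the entry name ''.
    Nested 'config' blocks are stored inside the entry that contains them.
    """
    root = {}
    stack = []  # one [section dict, current entry dict] per open 'config'
    for raw in text.splitlines():
        parts = shlex.split(raw)
        if not parts:
            continue
        cmd, args = parts[0], parts[1:]
        if cmd == "config":
            container = stack[-1][1] if stack else root
            section = container.setdefault("config " + " ".join(args), {})
            stack.append([section, section.setdefault("", {})])
        elif cmd == "edit":
            stack[-1][1] = stack[-1][0].setdefault(args[0], {})
        elif cmd == "set":
            stack[-1][1][args[0]] = args[1:]
        elif cmd == "unset":
            stack[-1][1].pop(args[0], None)
        elif cmd == "next":
            stack[-1][1] = stack[-1][0][""]
        elif cmd == "end":
            stack.pop()
    return root


MGMT_SERVICES = {"https", "http", "ssh", "telnet", "snmp"}


def audit(cfg, expected_admins):
    """Return human-readable findings: admins outside the expected list, admins
    without trusthost or two-factor, and WAN-role interfaces exposing management."""
    findings = []
    for name, entry in cfg.get("config system admin", {}).items():
        if name == "":
            continue
        if name not in expected_admins:
            findings.append(f"admin '{name}': not in the expected admin list")
        if not any(k.startswith("trusthost") for k in entry):
            findings.append(f"admin '{name}': no trusthost restriction, reachable from any source")
        if "two-factor" not in entry:
            findings.append(f"admin '{name}': no two-factor authentication")
    for name, entry in cfg.get("config system interface", {}).items():
        if name == "":
            continue
        exposed = set(entry.get("allowaccess", [])) & MGMT_SERVICES
        if entry.get("role", [""])[0] == "wan" and exposed:
            findings.append(f"interface '{name}' (role wan): management enabled: {' '.join(sorted(exposed))}")
    return findings


def audit_sample():
    """Audit the constructed configuration with a constructed expected-admin list."""
    return audit(parse_fortios(SAMPLE_CONFIG), expected_admins={"admin"})


if __name__ == "__main__":
    for line in audit_sample():
        print(line)
```

Run against a real backup, the same parser also gives you the inventory an attacker gets from the stolen configuration (every admin, every interface, every VPN user), which is a useful reminder of why that file needs to be treated as a credential store.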
“This trend is expected to continue in 2026, so organizations should expect a continued increase in the amount of AI-enhanced threat activity from both skilled and unskilled attackers,” said Moses. “A strong defense foundation remains the most effective countermeasure: perimeter device patch management, credential hygiene, network segmentation, and robust detection of post-exploitation indicators.”
