A Russian-speaking, financially motivated threat actor has been observed leveraging commercial generative artificial intelligence (AI) services to compromise more than 600 FortiGate appliances located in 55 countries.
This is according to new findings from Amazon Threat Intelligence, which said it observed activity between January 11 and February 18, 2026.
“No exploitation of the FortiGate vulnerabilities was observed – instead, this campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that the AI helped an unsophisticated actor exploit at scale,” CJ Moses, chief information security officer (CISO) at Amazon Integrated Security, said in a report.
The tech giant described the threat actor as having limited technical capabilities, a hurdle they overcame by relying on several commercial generative AI tools to implement various stages of the attack cycle, such as tool development, attack planning, and command generation.
While one AI tool served as the primary backbone of the operation, attackers also relied on a second AI tool to help pivot within a specific compromised network. The names of the AI tools were not disclosed.
It has been assessed that the threat actor is motivated by financial gain and is not associated with any advanced persistent threat (APT) with state-sponsored resources. As Google recently highlighted, generative AI tools are being increasingly adopted by threat actors to enhance and accelerate their operations, even if the tools do not give them genuinely novel capabilities.
If anything, the emergence of AI tools demonstrates how capabilities that were once beyond the reach of novice or less skilled threat actors are becoming increasingly attainable, lowering the barrier to entry for cybercrime and enabling such actors to devise new attack methods.
“They are likely financially motivated individuals or small groups who have achieved an operational scale through AI enhancements that previously would have required significantly larger and more skilled teams,” Moses said.
Amazon’s investigation of the threat actor’s activity revealed that they successfully compromised multiple organizations’ Active Directory environments, extracted entire credential databases, and even targeted backup infrastructure leading to ransomware deployment.
What is interesting here is that, rather than devising ways to persist in a more hostile environment or to defeat sophisticated security controls, the threat actor abandoned the target altogether and moved on to a relatively softer victim. This points to the use of AI as a way to bridge their skill gap, with easier targets selected over harder ones.
Amazon said it has identified publicly accessible infrastructure managed by the attackers, which hosted various artifacts related to the campaign. These included AI-generated attack plans, victim configurations, and source code for custom tooling. The company said the entire methodology is akin to an “AI-powered assembly line for cyber crime.”
At its core, the attacks enabled the threat actor to break into FortiGate devices, allowing them to extract the full device configuration, which, in turn, made it possible to collect credentials, network topology information, and device configuration information.
This involved systematic scanning of FortiGate management interfaces exposed to the Internet on ports 443, 8443, 10443, and 4443, followed by attempts to authenticate using commonly reused credentials. The activity was sector-agnostic, indicating automated mass scanning for vulnerable devices. The scanning originated from the IP address 212.11.64[.]250.
The stolen data was then used to penetrate deeply into the targeted network and conduct post-exploitation activities, including reconnaissance for vulnerability scanning using Nuclei, Active Directory compromise, credential harvesting, and attempts to access backup infrastructure aligned with specific ransomware operations.
Data collected by Amazon shows that the scanning activity resulted in compromise at the organizational level, allowing access to multiple FortiGate devices belonging to the same entity. Compromised clusters have been detected in South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia.
“After gaining VPN access to the victim network, the threat actor deploys a custom reconnaissance tool, with different versions written in both Go and Python,” the company said.
“Analysis of the source code reveals clear indicators of AI-assisted development: redundant comments that merely restate function names, simple architecture with disproportionate investment in formatting over functionality, naive JSON parsing through string matching instead of proper deserialization, and language compatibility shims for the underlying language with empty document stubs.”
Some other steps taken by the threat actor after the reconnaissance phase are listed below –
- Achieve domain compromise via DCSync attacks.
- Move laterally across the network via pass-the-hash/pass-the-ticket attacks, NTLM relay attacks, and remote command execution on Windows hosts.
- Target Veeam Backup and Replication servers to deploy credential harvesting tools and programs intended to exploit known Veeam vulnerabilities (for example, CVE-2023-27532 and CVE-2024-40711).
Another notable finding is the threat actor’s pattern of running into repeated failures when trying to exploit anything beyond the “most direct, automated attack path”, with their own documentation recording that the target had either patched services, closed required ports, or had no vulnerable exploit vectors.
Fortinet appliances are becoming an attractive target for threat actors, so it is essential that organizations ensure that the management interface is not exposed to the Internet, change default and common credentials, rotate SSL-VPN user credentials, enforce multi-factor authentication for administrative and VPN access, and audit unauthorized administrative accounts or connections.
It is also essential to isolate the backup server from general network access, ensure that all software programs are up to date, and monitor for unexpected network exposures.
“As we expect this trend to continue into 2026, organizations should anticipate that AI-augmented threat activity will continue to increase in volume from both skilled and unskilled adversaries,” Moses said. “Strong defensive fundamentals remain the most effective countermeasures: patch management for perimeter devices, credential sanitization, network segmentation, and strong detection for post-exploitation indicators.”