AI-Assisted Attack Compromises 600 Fortinet FortiGate Firewalls Worldwide in Five-Week Campaign
- Feb 22

Executive Summary
Between January 11 and February 18, 2026, a Russian-speaking, financially motivated threat actor leveraged multiple commercial generative AI services to compromise over 600 Fortinet FortiGate firewalls across more than 55 countries. The campaign did not exploit any known FortiGate vulnerabilities; instead, it targeted exposed management interfaces and weak credentials lacking multi-factor authentication. The attacker used AI-assisted tools to automate scanning, credential harvesting, and post-exploitation activities, including the extraction of SSL-VPN and administrative credentials, network topology, firewall policies, and backup infrastructure configurations. The campaign was sector-agnostic, with concentrations in South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. The threat actor’s technical limitations were offset by the use of commercial AI services, enabling rapid scaling and automation of attacks. Defensive recommendations include removing management interfaces from public exposure, enforcing strong credentials and multi-factor authentication, rotating all credentials, and hardening backup infrastructure. All findings are directly supported by primary sources from the Amazon Security Blog, BleepingComputer, and The Hacker News.
Technical Information
The incident involved a financially motivated, Russian-speaking threat actor who systematically scanned for exposed FortiGate management interfaces on ports 443, 8443, 10443, and 4443. The attacker exploited weak or commonly reused credentials protected only by single-factor authentication. No exploitation of FortiGate software vulnerabilities was observed. Instead, the attacker’s success relied on poor credential hygiene and the exposure of management interfaces to the public internet (Amazon Security Blog, 20 FEB 2026).
Once access was gained, the attacker used AI-assisted Python and Go scripts to parse, decrypt, and organize stolen configuration files. These files contained SSL-VPN user credentials, administrative credentials, complete network topology, firewall policies, and IPsec VPN peer configurations. The attacker’s operational documentation, written in Russian, detailed the use of open-source tools such as Meterpreter and mimikatz to conduct DCSync attacks against Windows domain controllers and extract NTLM password hashes from the Active Directory database (BleepingComputer, 21 FEB 2026).
The attacker also targeted backup infrastructure, specifically Veeam Backup & Replication servers, using custom PowerShell scripts and compiled credential-extraction tools. Attempts were made to exploit known Veeam vulnerabilities (CVE-2019-7192, CVE-2023-27532, CVE-2024-40711). The attacker’s pattern was to move on to softer targets when encountering patched or locked-down systems, rather than persisting against hardened environments (The Hacker News, 21 FEB 2026).
AI played a critical role in the campaign. The threat actor used at least two commercial large language model providers to generate attack methodologies, develop custom scripts, create reconnaissance frameworks, plan lateral movement strategies, and draft operational documentation. A custom Model Context Protocol (MCP) server named ARXON acted as a bridge between reconnaissance data and commercial large language models. The CHECKER2 Go tool was used to scan thousands of VPN targets in parallel, with logs showing more than 2,500 potential targets across over 100 countries.
The campaign’s targeting was sector-agnostic, consistent with automated mass scanning for vulnerable appliances. Geographic concentrations of compromised devices were observed in South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. Some clusters suggested managed service provider deployments or large organizational networks.
The attacker’s activities mapped to several MITRE ATT&CK techniques, including T1133 (External Remote Services), T1110 (Brute Force), T1003 (OS Credential Dumping), T1087 (Account Discovery), T1059 (Command and Scripting Interpreter), T1003.006 (DCSync), T1550 (Use Alternate Authentication Material), T1075 (Pass the Hash), T1557 (Adversary-in-the-Middle), T1046 (Network Service Scanning), T1595 (Active Scanning), and T1210 (Exploitation of Remote Services).
Indicators of compromise included the use of infrastructure at 212.11.64.250 and 185.196.11.225 for scanning and exploitation operations between January 11 and February 18, 2026.
Affected Versions & Timeline
The campaign targeted Fortinet FortiGate firewalls with exposed management interfaces, regardless of software version, as no software vulnerabilities were exploited. The attack window was from January 11 to February 18, 2026. Because the attacker’s methodology relied on exposed management ports and weak, single-factor credentials, any FortiGate device configured that way was at risk during this period, whatever its patch level (Amazon Security Blog, 20 FEB 2026; BleepingComputer, 21 FEB 2026).
Threat Activity
The threat actor conducted systematic scanning for FortiGate management interfaces exposed to the internet on ports 443, 8443, 10443, and 4443. Authentication attempts were made using commonly reused or weak credentials. Upon successful access, the attacker extracted configuration files containing sensitive credentials and network information. AI-assisted tools were used to parse and decrypt these files, enabling further compromise of internal systems.
Post-exploitation activities included Active Directory compromise via DCSync attacks, credential harvesting, and attempts to access backup infrastructure, particularly Veeam Backup & Replication servers. The attacker used open-source tools such as Meterpreter, mimikatz, gogo, and Nuclei, as well as custom AI-generated reconnaissance frameworks. The campaign was characterized by rapid movement to softer targets when encountering hardened environments, indicating a preference for efficiency and scale over persistence.
A misconfigured server at 212.11.64.250 exposed 1,402 files, including stolen FortiGate configuration backups, Active Directory mapping data, credential dumps, vulnerability assessments, and attack planning documents. The custom ARXON MCP server and CHECKER2 Go tool facilitated large-scale reconnaissance and exploitation.
The attacker’s use of commercial AI services enabled them to overcome technical limitations, automate attack phases, and scale operations to compromise over 600 devices in five weeks. The campaign’s sector-agnostic targeting and geographic spread suggest a focus on opportunistic exploitation rather than specific industries or organizations.
Mitigation & Workarounds
Critical recommendations include immediately removing all FortiGate management interfaces from public internet exposure and enforcing strong, unique credentials with multi-factor authentication for all administrative and VPN access. All SSL-VPN and administrative credentials should be rotated, and organizations should audit for password reuse and unauthorized access. Backup infrastructure, especially Veeam servers, must be hardened and monitored for unauthorized access attempts. Behavioral monitoring should be implemented to detect anomalous VPN logins, unexpected DCSync operations, and the creation of new privileged accounts.
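The two conditions the campaign depended on (management services reachable on an internet-facing interface, and administrator accounts without trusted-host restrictions or two-factor authentication) can be checked directly against a FortiGate configuration backup. The following audit script is an added example written for this report; it is not Rescana's, Fortinet's or AWS's code. It parses only the config/edit/set/next/end subset of FortiOS CLI syntax that appears in the constructed SAMPLE_CONFIG, treats `set role wan` as the marker of an internet-facing interface, and reads `admin-sport` from `config system global` to report the non-default port an exposed GUI would listen on.

```python
"""Audit a FortiGate configuration export for the weaknesses this campaign
relied on: management services on a WAN-facing interface, and admin accounts
without trusthost restrictions or two-factor authentication.

Added example; not Rescana's, Fortinet's or AWS's code. The parser covers
only the config/edit/set/next/end syntax used in the constructed sample.
"""

# Constructed sample config: one WAN interface with HTTPS/SSH management
# enabled, one admin with no trusthost and no two-factor, one hardened admin.
SAMPLE_CONFIG = """\
config system global
    set admin-sport 8443
end
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
        set role wan
    next
    edit "internal"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh fgfm
        set role lan
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "netops"
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.255.255.0
        set two-factor fortitoken
    next
end
"""

# allowaccess values that expose an interactive management surface
MGMT_SERVICES = {"https", "http", "ssh", "telnet"}


def parse_fortios(text):
    """Return {section: {entry: {key: [values]}}}. 'set' lines that sit
    directly under a 'config' block (no 'edit') are stored under entry ''."""
    sections, stack = {}, []          # stack holds [section, current entry]
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            name = line[len("config "):]
            sections.setdefault(name, {})
            stack.append([name, ""])
        elif line.startswith("edit "):
            stack[-1][1] = line[len("edit "):].strip('"')
        elif line.startswith("set "):
            section, entry = stack[-1]
            key, *values = line[len("set "):].split()
            sections[section].setdefault(entry, {})[key] = [v.strip('"') for v in values]
        elif line == "next":
            stack[-1][1] = ""
        elif line == "end":
            stack.pop()
    return sections


def audit(sections):
    """Return (severity, finding) tuples for exposed management and weak admins."""
    findings = []
    for name, iface in sections.get("system interface", {}).items():
        exposed = MGMT_SERVICES & set(iface.get("allowaccess", []))
        role = iface.get("role", ["undefined"])[0]   # FortiOS default role
        if exposed and role == "wan":
            findings.append(("critical", f"interface {name}: {sorted(exposed)} reachable on WAN-role interface"))
        elif exposed and role not in ("lan", "dmz"):
            findings.append(("review", f"interface {name}: {sorted(exposed)} enabled with role {role}; confirm it is not internet-facing"))
    port = sections.get("system global", {}).get("", {}).get("admin-sport", ["443"])[0]
    for name, adm in sections.get("system admin", {}).items():
        if not any(k.startswith("trusthost") for k in adm):
            findings.append(("high", f"admin {name}: no trusthost, logins accepted from any source on port {port}"))
        if adm.get("two-factor", ["disable"])[0] == "disable":
            findings.append(("high", f"admin {name}: two-factor authentication disabled"))
    return findings


if __name__ == "__main__":
    for severity, finding in audit(parse_fortios(SAMPLE_CONFIG)):
        print(f"[{severity.upper()}] {finding}")
```

Running it against the sample reports the WAN interface as critical and the `admin` account twice (no trusthost, no two-factor), while `netops` passes. Point the script at a real `show full-configuration` export to review every interface and account; an interface without a `role` is reported for manual review rather than assumed safe.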
High-priority actions involve reviewing VPN connection logs for connections from unexpected geographic locations and ensuring all backup infrastructure is patched against known vulnerabilities (CVE-2019-7192, CVE-2023-27532, CVE-2024-40711). Medium-priority actions include conducting regular vulnerability assessments of all perimeter devices and internal systems, and ensuring operational documentation and credential storage practices are secure. Low-priority actions involve ongoing staff training on credential hygiene and monitoring for emerging AI-assisted attack methodologies.
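Two of the monitoring recommendations above, anomalous VPN logins from unexpected geographies and unexpected DCSync operations, reduce to simple rules over existing logs. The script below is an added example written for this report, not Rescana's or any vendor's detection content. The VPN records use the key=value layout of FortiOS event logs but are constructed, with documentation-range IPs and invented country labels; the Windows 4662 records are flattened into the same key=value form for brevity. The replication extended-right GUIDs are the well-known values Active Directory uses; the allowed-country set and the list of accounts permitted to replicate (domain controllers and a directory-sync service account) are assumptions an operator would replace with their own.

```python
"""Detect SSL-VPN logins from unexpected countries and DCSync-style
replication requests by non-DC accounts. Added example for this report;
log lines are constructed, and the allow-lists are assumptions."""
import re

KV_RE = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

# Extended rights requested when a principal replicates directory data.
REPLICATION_GUIDS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcf2",  # DS-Replication-Get-Changes
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcf2",  # DS-Replication-Get-Changes-All
    "89e95b76-444d-4c62-991a-0facbeda640c",  # DS-Replication-Get-Changes-In-Filtered-Set
}
ALLOWED_COUNTRIES = {"United States", "Canada"}               # assumed footprint
AUTHORISED_REPLICATORS = {"DC01$", "DC02$", "svc_dirsync"}    # assumed DCs + sync account

# Constructed FortiOS-style SSL-VPN events (IPs from documentation ranges).
VPN_LOGS = [
    'date=2026-01-15 time=08:12:33 action="tunnel-up" tunneltype="ssl-web" user="jdoe" group="vpn-staff" remip=198.51.100.7 srccountry="United States"',
    'date=2026-01-15 time=08:55:10 action="tunnel-down" tunneltype="ssl-web" user="jdoe" group="vpn-staff" remip=198.51.100.7 srccountry="United States"',
    'date=2026-01-15 time=22:47:09 action="tunnel-up" tunneltype="ssl-web" user="jdoe" group="vpn-staff" remip=203.0.113.44 srccountry="Netherlands"',
    'date=2026-01-16 time=03:02:51 action="tunnel-up" tunneltype="ssl-web" user="backup-svc" group="vpn-staff" remip=192.0.2.18 srccountry="Brazil"',
]

# Constructed, flattened Windows Security 4662 events from a domain controller.
DC_EVENTS = [
    'EventID=4662 SubjectUserName="DC02$" ObjectType="domainDNS" Properties="{1131f6aa-9c07-11d1-f79f-00c04fc2dcf2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcf2}"',
    'EventID=4662 SubjectUserName="jdoe" ObjectType="domainDNS" Properties="{1131f6aa-9c07-11d1-f79f-00c04fc2dcf2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcf2}"',
    'EventID=4662 SubjectUserName="jdoe" ObjectType="user" Properties="{00000000-0000-0000-0000-000000000000}"',  # placeholder non-replication right
    'EventID=4624 SubjectUserName="jdoe" LogonType=3',
]


def parse_kv(line):
    """Turn a key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def detect_vpn_geo(lines, allowed=ALLOWED_COUNTRIES):
    """Flag successful tunnel establishment from a country outside `allowed`."""
    alerts = []
    for rec in map(parse_kv, lines):
        if rec.get("action") != "tunnel-up":
            continue
        if rec.get("srccountry") not in allowed:
            alerts.append({"rule": "vpn-unexpected-geo", "user": rec["user"],
                           "remip": rec["remip"], "country": rec["srccountry"],
                           "when": f'{rec["date"]} {rec["time"]}'})
    return alerts


def detect_dcsync(lines, authorised=AUTHORISED_REPLICATORS):
    """Flag 4662 events requesting replication rights from a non-authorised account."""
    alerts = []
    for rec in map(parse_kv, lines):
        if rec.get("EventID") != "4662":
            continue
        guids = set(re.findall(r"\{([0-9a-f-]{36})\}", rec.get("Properties", "")))
        if guids & REPLICATION_GUIDS and rec["SubjectUserName"] not in authorised:
            alerts.append({"rule": "dcsync-by-non-dc", "account": rec["SubjectUserName"],
                           "object": rec.get("ObjectType", ""),
                           "rights": sorted(guids & REPLICATION_GUIDS)})
    return alerts


if __name__ == "__main__":
    for alert in detect_vpn_geo(VPN_LOGS) + detect_dcsync(DC_EVENTS):
        print(alert)
```

On the sample data the geography rule fires twice (jdoe from the Netherlands, backup-svc from Brazil) and the DCSync rule fires once for jdoe, while the DC02$ replication and the non-replication 4662 event are ignored. In production, feed the functions from your SIEM export and tune the allow-lists; the DCSync rule in particular needs the list of legitimate replicators kept current as domain controllers are added or retired.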
References
Amazon Security Blog (20 FEB 2026): https://aws.amazon.com/blogs/security/ai-augmented-threat-actor-accesses-fortigate-devices-at-scale/
BleepingComputer (21 FEB 2026): https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/
The Hacker News (21 FEB 2026): https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html
About Rescana
Rescana provides a third-party risk management (TPRM) platform designed to help organizations identify, assess, and monitor external risks in their digital supply chain. Our platform enables continuous visibility into exposed assets, credential hygiene, and remote access configurations, supporting proactive identification of misconfigurations and vulnerabilities that could be exploited in campaigns similar to the one described in this report. For questions or further information, contact us at ops@rescana.com.