
AI-Powered Cyberattack Compromises 600+ FortiGate Devices Across 55 Countries: Detailed Threat Analysis and Mitigation Strategies

  • Feb 22
  • 4 min read

Executive Summary

A sophisticated, AI-assisted threat campaign has compromised over 600 FortiGate devices in 55 countries, marking a significant escalation in the use of artificial intelligence by cybercriminals. The campaign, first identified by Amazon Threat Intelligence, did not exploit any inherent vulnerabilities in FortiGate software. Instead, the attackers leveraged exposed management interfaces and weak, single-factor credentials, automating reconnaissance and exploitation with commercial AI services. Post-compromise, the threat actor focused on extracting credentials, compromising Active Directory environments, and targeting backup infrastructure, all as part of a pre-ransomware operational phase. This incident underscores the urgent need for robust credential hygiene, network segmentation, and AI-aware defense strategies.

Threat Actor Profile

The threat actor behind this campaign is financially motivated and Russian-speaking, with no direct ties to known Advanced Persistent Threat (APT) groups. Their technical proficiency is assessed as low-to-medium, but their operational capabilities are significantly amplified by the use of commercial AI services. The actor demonstrates opportunistic targeting, focusing on organizations with exposed FortiGate management interfaces and weak authentication practices. Their operational security is poor, as evidenced by the presence of unencrypted operational files and victim data on compromised systems. The campaign is characterized by rapid automation, broad geographic reach, and a focus on pre-ransomware activities rather than immediate extortion.

Technical Analysis of Malware/TTPs

The initial access vector was credential-based, targeting FortiGate management interfaces exposed to the internet on ports 443, 8443, 10443, and 4443. The attackers employed automated scanning to identify vulnerable devices, followed by brute-force attacks or the use of commonly reused credentials. Commercial AI services were instrumental in generating Python and Go scripts for parsing, decrypting, and organizing stolen configurations. Extracted data included SSL-VPN user credentials, administrative credentials, network topology, firewall policies, and IPsec VPN peer configurations.
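The credential-guessing stage described above, seen from the defender's side, as an added example that is not code from the original post or from Amazon's analysis: it parses FortiOS-style admin login events (the key=value syslog format) and flags a source IP that accumulates failed logins against the management interface inside a short window, escalating when that same source then logs in successfully. The log lines, IPs and timestamps are constructed; the field names follow the FortiOS event format, but the logid values are assumed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed FortiOS-style admin login events in its key=value log format (not real telemetry).
SAMPLE_LOGS = [
    'date=2026-02-10 time=03:14:01 logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" method="https" srcip=203.0.113.5 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-02-10 time=03:14:03 logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" method="https" srcip=203.0.113.5 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-02-10 time=03:14:06 logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="fortinet" ui="https(203.0.113.5)" method="https" srcip=203.0.113.5 action="login" status="failed" reason="name_invalid"',
    'date=2026-02-10 time=03:14:09 logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" method="https" srcip=203.0.113.5 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-02-10 time=03:14:12 logid="0100032001" type="event" subtype="system" level="information" logdesc="Admin login successful" user="admin" ui="https(203.0.113.5)" method="https" srcip=203.0.113.5 action="login" status="success"',
    'date=2026-02-10 time=09:00:00 logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(192.0.2.10)" method="https" srcip=192.0.2.10 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-02-10 time=09:00:30 logid="0100032001" type="event" subtype="system" level="information" logdesc="Admin login successful" user="admin" ui="https(192.0.2.10)" method="https" srcip=192.0.2.10 action="login" status="success"',
]

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted value" or key=bare_value
FAIL_THRESHOLD = 3              # failed admin logins from one source IP inside WINDOW
WINDOW = timedelta(minutes=5)

def parse_event(line):
    """Parse one FortiOS key=value event line into a dict, adding a datetime under 'ts'."""
    ev = {k: (q or b) for k, q, b in KV_RE.findall(line)}
    ev["ts"] = datetime.strptime(f"{ev['date']} {ev['time']}", "%Y-%m-%d %H:%M:%S")
    return ev

def detect_admin_bruteforce(lines, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return (severity, srcip, detail) alerts for password guessing against the admin UI.

    'medium' fires once when a source reaches `threshold` failures inside `window`;
    'high' fires when that same source then logs in successfully (guessing that worked)."""
    failures = defaultdict(list)        # srcip -> timestamps of recent failed logins
    alerts = []
    for ev in sorted((parse_event(ln) for ln in lines), key=lambda e: e["ts"]):
        if ev.get("action") != "login":
            continue
        ip, ts = ev.get("srcip"), ev["ts"]
        recent = [t for t in failures[ip] if ts - t <= window]   # slide the window forward
        if ev.get("status") == "failed":
            recent.append(ts)
            if len(recent) == threshold:
                alerts.append(("medium", ip, f"{threshold} failed admin logins within {window}"))
        elif ev.get("status") == "success" and len(recent) >= threshold:
            alerts.append(("high", ip, f"successful admin login as '{ev.get('user')}' after {len(recent)} failures"))
        failures[ip] = recent
    return alerts

if __name__ == "__main__":
    for severity, ip, detail in detect_admin_bruteforce(SAMPLE_LOGS):
        print(f"[{severity}] {ip}: {detail}")
```

A management interface that is not reachable from the internet (trusted-host restrictions, no admin access on WAN-facing interfaces) removes most of this noise at the source; the detection is the safety net for the appliances that slipped through the audit.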

Post-exploitation activities centered on Active Directory compromise, utilizing tools such as Meterpreter and mimikatz to perform DCSync attacks and extract NTLM password hashes. Lateral movement was achieved through pass-the-hash and pass-the-ticket attacks, NTLM relay, and remote command execution. The attackers also targeted backup infrastructure, particularly Veeam Backup & Replication servers, exploiting known vulnerabilities such as CVE-2019-7192, CVE-2023-27532, and CVE-2024-40711. Custom reconnaissance tools and AI-generated scripts facilitated credential extraction, VPN automation, and network scanning, with open-source tools like gogo and Nuclei playing a supporting role.

AI served as a force multiplier throughout the campaign, enabling the threat actor to generate step-by-step exploitation instructions, attack trees, and operational reports. Multiple scripts and tools exhibited hallmarks of AI generation, including redundant comments and naive parsing logic. At least two commercial large language model (LLM) providers were used for attack planning and tool development, allowing the actor to operate at a scale previously unattainable for individuals or small groups.

Exploitation in the Wild

The campaign's impact was observed across multiple sectors and regions, with clusters of compromised devices in South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. The targeting was opportunistic rather than sector-specific, with multiple devices within the same organization—particularly managed service providers and large networks—being compromised. The attackers exfiltrated credential databases, compromised Active Directory environments, and targeted backup infrastructure. When encountering hardened environments, the actor typically moved on to easier targets, demonstrating a preference for low-hanging fruit.

The use of AI enabled rapid scaling and automation, allowing a small group or even a single individual to compromise hundreds of devices in a matter of weeks. The campaign highlights the growing threat posed by AI-augmented cybercrime, where automation and machine learning can dramatically increase the speed and scope of attacks.

Victimology and Targeting

Victims spanned 55 countries, with no specific industry or sector being singled out. The opportunistic nature of the campaign meant that any organization with an exposed FortiGate management interface and weak credentials was at risk. Managed service providers and organizations with large, distributed networks were disproportionately affected, as the compromise of a single device often led to lateral movement and further exploitation within the same organization. The attackers showed a particular interest in environments where Active Directory and backup infrastructure could be leveraged for broader compromise or future ransomware deployment.

Mitigation and Countermeasures

To defend against similar AI-assisted campaigns, organizations should immediately audit all FortiGate appliances to ensure management interfaces are not exposed to the internet. All default and administrative credentials must be changed, and SSL-VPN user credentials should be rotated. Multi-factor authentication (MFA) should be enforced for all administrative and VPN access. Configuration files should be reviewed for unauthorized changes, and VPN logs should be audited for unusual geolocations.

Credential hygiene is paramount; organizations must audit for password reuse between FortiGate and Active Directory accounts, enforce unique and complex passwords, and rotate service account credentials, especially for backup systems. Post-exploitation detection measures should include monitoring for DCSync operations (Event ID 4662), new scheduled tasks mimicking Windows services, unusual remote management from VPN pools, LLMNR/NBT-NS poisoning artifacts, and unauthorized access to backup credential stores.
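The DCSync monitoring (Event ID 4662) mentioned above, as an added example that is not part of the original post or of Amazon's report: it applies the standard check for 4662 records whose Properties field carries a directory-replication control-access right, raised by an account that is not a domain controller's computer account. The event XML fixtures, host name, account names and the allow-list entry are constructed; the three GUIDs are the well-known replication right identifiers, and `known_replicators` is a hypothetical parameter for accounts that legitimately replicate (directory synchronisation services, for instance).

```python
import xml.etree.ElementTree as ET

# Control-access-right GUIDs that grant directory replication (they appear in the 4662 Properties field).
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event_xml(user, domain, props):
    """Build a minimal constructed 4662 event in Windows event XML form (fixture, not a real export)."""
    return f'''<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4662</EventID><Computer>DC01.corp.example</Computer></System>
  <EventData>
    <Data Name="SubjectUserName">{user}</Data><Data Name="SubjectDomainName">{domain}</Data>
    <Data Name="ObjectType">%{{19195a5b-6da0-11d0-afd3-00c04fd930c9}}</Data>
    <Data Name="AccessMask">0x100</Data><Data Name="Properties">{props}</Data>
  </EventData></Event>'''

# Constructed fixtures: a DC replicating normally, a service account, a sync account, an unrelated 4662.
SAMPLE_EVENTS = [
    _event_xml("DC02$", "CORP", "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"),
    _event_xml("backup_svc", "CORP", "%%7688 {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"),
    _event_xml("MSOL_a1b2c3", "CORP", "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"),
    _event_xml("jsmith", "CORP", "%%7688 {bf967a86-0de6-11d0-a285-00aa003049e2}"),
]

def detect_dcsync(xml_events, known_replicators=frozenset()):
    """Return (DOMAIN\\user, [right names]) for 4662 events where a non-DC account used replication rights."""
    hits = []
    for raw in xml_events:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "4662":
            continue
        data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
        props = data.get("Properties", "").lower()
        rights = [name for guid, name in REPLICATION_RIGHTS.items() if guid in props]
        user = data.get("SubjectUserName", "")
        subject = f"{data.get('SubjectDomainName', '')}\\{user}"
        # Domain controllers replicate legitimately via their computer accounts (trailing '$');
        # any other principal using these rights is a DCSync candidate unless explicitly allow-listed.
        if rights and not user.endswith("$") and subject not in known_replicators:
            hits.append((subject, rights))
    return hits

if __name__ == "__main__":
    for subject, rights in detect_dcsync(SAMPLE_EVENTS, known_replicators={"CORP\\MSOL_a1b2c3"}):
        print(f"possible DCSync by {subject}: {', '.join(rights)}")
```

The trailing-`$` heuristic only separates computer accounts from user accounts, so a compromised domain controller account would not be caught by this rule alone; pair it with the usual check that the source host of the request is actually a domain controller.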

Backup infrastructure must be hardened by isolating backup servers, patching backup software, monitoring for unauthorized PowerShell activity, and implementing immutable backup copies. Regular vulnerability assessments and penetration testing should be conducted to identify and remediate exposed management interfaces and weak authentication practices.

References

AWS Security Blog: AI-augmented threat actor accesses FortiGate devices at scale: https://aws.amazon.com/blogs/security/ai-augmented-threat-actor-accesses-fortigate-devices-at-scale/

The Hacker News: AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries: https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html

BleepingComputer: Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks: https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/

Cybersecurity News: Hackers Leveraging Multiple AI Services to Compromise 600+ FortiGate Devices: https://cybersecuritynews.com/600-fortigate-devices-hacked/

Reddit: r/SecOpsDaily - AI-Assisted Threat Actor Compromises 600+ FortiGate Devices: https://www.reddit.com/r/SecOpsDaily/comments/1rat9aq/aiassisted_threat_actor_compromises_600_fortigate/

NVD - CVE-2019-7192: https://nvd.nist.gov/vuln/detail/CVE-2019-7192

NVD - CVE-2023-27532: https://nvd.nist.gov/vuln/detail/CVE-2023-27532

NVD - CVE-2024-40711: https://nvd.nist.gov/vuln/detail/CVE-2024-40711

About Rescana

Rescana empowers organizations to proactively manage third-party risk and supply chain security through our advanced TPRM platform. Our solution provides continuous monitoring, automated risk assessments, and actionable intelligence to help you stay ahead of emerging threats. For questions or further information, we are happy to assist at ops@rescana.com.
