PROBABLYPWNED
Threat Intelligence | February 22, 2026 | 4 min read

AI-Assisted Attacker Compromises 600+ FortiGate Firewalls

Amazon threat intelligence exposes Russian-speaking actor using generative AI to breach 600+ FortiGate devices across 55 countries. Attack used ARXON tool with DeepSeek and Claude.

Alex Kowalski

A Russian-speaking threat actor with limited technical skills leveraged commercial generative AI services to systematically compromise more than 600 FortiGate firewall appliances across 55 countries in just five weeks, according to new research from Amazon Threat Intelligence.

The campaign, which ran from January 11 to February 18, 2026, represents one of the first documented cases of AI-augmented attacks operating at meaningful scale against enterprise network infrastructure.

No Exploits Required

What makes this campaign notable is what it didn't use. The attacker exploited no FortiGate vulnerabilities. Instead, the operation relied entirely on exposed management interfaces and weak credentials with single-factor authentication.

The threat actor systematically scanned for FortiGate management interfaces across ports 443, 8443, 10443, and 4443, then attempted authentication using commonly reused credentials. This mirrors patterns we've seen in previous FortiGate credential-harvesting operations that have plagued the platform.

Compromised devices spanned South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. The geographic diversity suggests the attacker prioritized quantity over specific targeting.

How AI Filled the Skills Gap

Amazon researchers discovered the attacker had limited technical capabilities—a gap they overcame by relying heavily on AI tools throughout the attack chain.

The threat actor used a tool called ARXON that queried large language models including DeepSeek and Claude to generate structured attack plans. Reconnaissance data extracted from compromised FortiGate appliances was fed into the system, which then produced:

  • Step-by-step instructions for gaining Domain Admin access
  • Guidance on lateral movement techniques
  • Commands for specific post-exploitation activities

Source code analysis revealed AI-generated artifacts throughout the attacker's toolkit: redundant comments, simplistic architecture, and naive JSON parsing that betrayed machine-generated origins.

Post-Exploitation Aligned with Ransomware Prep

Once inside networks, the attacker extracted complete device configurations, credential databases, and network topology information. The subsequent activities strongly suggest ransomware preparation:

  1. Active Directory compromise via DCSync attacks
  2. Pass-the-hash and pass-the-ticket lateral movement
  3. Nuclei-based vulnerability scanning of internal networks
  4. Targeting of Veeam backup infrastructure

The focus on backup systems is a signature move. Ransomware operators routinely prioritize backup destruction to maximize pressure on victims. This campaign's pattern aligns with TTPs we've documented in enterprise backup targeting by ransomware gangs.

Why This Keeps Happening

FortiGate appliances remain a persistent target. The recent FortiClientEMS SQL injection flaw and ongoing exploitation of the FortiCloud SSO bypass demonstrate that Fortinet products sit squarely in attacker crosshairs.

But this campaign didn't need vulnerabilities. Organizations that exposed management interfaces to the internet behind weak credentials handed attackers the keys. According to Shadowserver Foundation data cited in the report, thousands of FortiGate management interfaces remain publicly accessible.

What AI Changes

The campaign demonstrates how AI lowers the barrier to entry for technically unsophisticated attackers. Tasks that previously required specific expertise—Active Directory exploitation, lateral movement planning, credential harvesting—can now be scaffolded by AI assistants.

This doesn't mean AI is doing the hacking. The threat actor still needed to operate tools, make decisions, and handle failures. But the learning curve flattened significantly. Someone who might have abandoned the effort after the initial breach can now receive structured guidance on next steps.

Amazon's research suggests the AI tools were used in a conversational manner, with the attacker iterating on attack plans based on what they discovered during reconnaissance. The AI essentially served as a mentor, filling gaps in the attacker's knowledge as they progressed through the operation.

Defensive Recommendations

Organizations running FortiGate appliances should immediately verify their management interface configurations. Amazon recommends:

  1. Isolate management interfaces from public internet access
  2. Enforce multi-factor authentication on all administrative access
  3. Rotate credentials for any devices that may have been exposed
  4. Segment backup infrastructure to prevent lateral access
  5. Monitor for DCSync and similar credential-harvesting techniques

The scanning origin IP identified in the report—212.11.64[.]250—should be blocked, though the attacker likely operates from rotating infrastructure.
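As an added example (not from the Amazon report or this article), a small detection sketch for the credential-guessing pattern described above: it parses FortiGate-style key=value admin login events and raises an alert when one source accumulates repeated failures inside a window, escalates if that same source then logs in successfully, and flags the scanning IP quoted in the report. The sample lines are constructed; field names follow FortiGate's event-log convention, but the values and the dstport field are assumed, so check them against your firmware's actual log output before using this.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

KNOWN_SCANNER_IPS = {"212.11.64.250"}   # indicator from the report (defanged in the text)
FAIL_THRESHOLD, WINDOW = 5, timedelta(minutes=10)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    # Split a FortiGate-style key=value event line into a dict, stripping quotes.
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def analyze(lines):
    """Return (severity, srcip, detail) alerts derived from admin login events."""
    failures = defaultdict(list)   # srcip -> timestamps of recent failed logins
    ports = defaultdict(set)       # srcip -> management ports it has touched
    flagged, alerts = set(), []
    for ev in map(parse_line, lines):
        if ev.get("type") != "event" or ev.get("action") != "login":
            continue
        ts = datetime.strptime(ev["date"] + " " + ev["time"], "%Y-%m-%d %H:%M:%S")
        src = ev["srcip"]
        if "dstport" in ev:        # field assumed for this sample format
            ports[src].add(int(ev["dstport"]))
        if src in KNOWN_SCANNER_IPS and src not in flagged:
            flagged.add(src)
            alerts.append(("known-ioc", src, "source matches published scanning IP"))
        if ev.get("status") == "failed":
            failures[src] = [t for t in failures[src] if ts - t <= WINDOW] + [ts]
            if len(failures[src]) == FAIL_THRESHOLD:   # fire once, when crossing the threshold
                alerts.append(("brute-force", src,
                               f"{FAIL_THRESHOLD} failures in {WINDOW}, ports {sorted(ports[src])}"))
        elif ev.get("status") == "success" and len(failures[src]) >= FAIL_THRESHOLD:
            alerts.append(("compromise", src,
                           f"user {ev.get('user')} logged in after {len(failures[src])} failures"))
    return alerts

def _ev(t, src, port, status, user="admin"):   # one constructed admin login event line
    desc = "Admin login failed" if status == "failed" else "Admin login successful"
    return (f'date=2026-01-15 time={t} devname="FGT-EDGE" type="event" subtype="system" '
            f'logdesc="{desc}" user="{user}" method="https" srcip={src} dstport={port} '
            f'action="login" status="{status}"')

# Constructed sample: one source walks the four management ports then gets in; the report's IP appears once.
SAMPLE_LOGS = [_ev(f"10:22:0{2 * i + 1}", "203.0.113.7", p, "failed")
               for i, p in enumerate((443, 8443, 10443, 4443, 443))] + [
    _ev("10:22:30", "203.0.113.7", 443, "success"),
    _ev("10:25:00", "212.11.64.250", 443, "failed"),
    _ev("11:00:00", "192.0.2.10", 443, "success", user="netops"),
]
```

The "compromise" alert is the one worth paging on: a success immediately following a run of failures from the same source is the campaign's signature, and the compromised account's credentials should be rotated at once.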

Why This Matters

This campaign confirms what security researchers have warned about: AI tools reduce the expertise required to execute sophisticated attacks. A threat actor who couldn't write proper JSON parsing code still managed to compromise 600+ enterprise firewalls and position for ransomware deployment.

The pattern analysis in our coverage of network appliance authentication bypasses holds here too. Default configurations and exposed management interfaces remain the easiest path into enterprise networks. AI just makes it easier for more attackers to walk that path.

For organizations on the receiving end, the defensive fundamentals haven't changed. But the urgency has. The window between initial access and serious damage continues to shrink as attackers—even unsophisticated ones—gain tools that accelerate their operations.
