Amazon Threat Intelligence has exposed a landmark cyberattack campaign in which a low-skilled, Russian-speaking threat actor leveraged multiple commercial generative AI (GenAI) services to breach over 600 FortiGate firewall devices across more than 55 countries between January 11 and February 18, 2026, without exploiting a single software vulnerability.
This campaign is a watershed moment in threat intelligence: it demonstrates that commercial AI tools are now actively lowering the technical barrier to entry for cybercrime, enabling unsophisticated actors to operate at a scale that once required well-resourced, skilled adversarial teams.
Overview
Amazon Threat Intelligence (ATI) discovered the campaign during routine threat operations when analysts identified publicly accessible infrastructure hosting malicious tooling.
The threat actor had staged operational files on the same exposed infrastructure, including AI-generated attack plans, victim device configurations, and custom tool source code with no encryption or access controls.
This critical operational security failure gave Amazon researchers deep visibility into the attacker’s methodology and AI-assisted workflows.
The actor compromised globally dispersed FortiGate appliances, extracting full device configuration files that contained SSL-VPN user credentials, administrative passwords, complete network topology data, firewall policies, and IPsec VPN peer configurations.
These stolen configurations were then parsed using AI-assisted Python scripts before being used to pivot into victim internal networks.
Initial Access
No zero-day exploits. No novel vulnerability chains. The initial access vector was straightforward: credential-based authentication abuse against FortiGate management interfaces exposed to the public internet.
The actor’s tooling systematically scanned for management interfaces across ports 443, 8443, 10443, and 4443, followed by brute-force authentication attempts using commonly reused or weak passwords protected only by single-factor authentication.
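A defender-side check for the pattern just described, as an added example (not tooling from Amazon's report): it parses FortiGate-style key=value admin-login events and flags a source that bursts failed logins and then succeeds. The log lines are constructed, and the field names (`action`, `status`, `user`, `srcip`) and the five-failures-in-five-minutes threshold are assumptions to adapt to your own log schema.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in FortiGate-style key=value form; field names are assumed.
SAMPLE_LOGS = """\
date=2026-01-12 time=03:14:01 type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.10 ui="https(203.0.113.10)"
date=2026-01-12 time=03:14:03 type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.10 ui="https(203.0.113.10)"
date=2026-01-12 time=03:14:05 type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.10 ui="https(203.0.113.10)"
date=2026-01-12 time=03:14:07 type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.10 ui="https(203.0.113.10)"
date=2026-01-12 time=03:14:09 type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.10 ui="https(203.0.113.10)"
date=2026-01-12 time=03:14:11 type="event" subtype="system" action="login" status="success" user="admin" srcip=203.0.113.10 ui="https(203.0.113.10)"
date=2026-01-12 time=09:00:00 type="event" subtype="system" action="login" status="failed" user="admin" srcip=198.51.100.7 ui="https(198.51.100.7)"
date=2026-01-12 time=09:30:00 type="event" subtype="system" action="login" status="success" user="admin" srcip=198.51.100.7 ui="https(198.51.100.7)"
"""

# key=value pairs; values are either double-quoted or a bare token
KV_RE = re.compile(r'(\w+)=("(?:[^"]*)"|\S+)')

def parse_line(line):
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    fields["ts"] = datetime.fromisoformat(f'{fields["date"]} {fields["time"]}')
    return fields

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for (a) a source IP with >= threshold failed logins inside
    `window` and (b) any later successful login from such a source, which is the
    'guessed password' outcome that matters most."""
    failures = defaultdict(list)   # srcip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("action") != "login":
            continue
        ip, ts = ev["srcip"], ev["ts"]
        if ev["status"] == "failed":
            recent = [t for t in failures[ip] if ts - t <= window]  # slide the window
            recent.append(ts)
            failures[ip] = recent
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, ev["user"]))
        elif ev["status"] == "success" and ip in flagged:
            alerts.append(("success_after_bruteforce", ip, ev["user"]))
    return alerts
```

The second alert type is the one to page on: a single successful login after a burst of failures is exactly what a weak, single-factor admin password looks like from the log side.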
This is a textbook exploitation of fundamental security hygiene failures, exposed management surfaces, and weak credential policies, amplified to a global scale through AI-generated tooling and automation.
The targeting appears entirely opportunistic, consistent with automated mass scanning rather than any sector-specific intelligence.
Amazon analysts identified clusters of compromised devices belonging to the same organization, including deployments from managed service providers and large corporate networks across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia.
AI as a Force Multiplier
Amazon Threat Intelligence confirmed that the actor used at least two distinct commercial LLM providers throughout the campaign. One served as the primary attack planner, tool developer, and operational assistant.
A second LLM was used as a supplementary planner when the actor needed help pivoting within a specific compromised network. In at least one documented case, the attacker submitted a complete victim’s internal topology, including IP addresses, hostnames, credentials, and identified services, then asked the AI to produce a step-by-step lateral movement plan.
The threat actor’s custom reconnaissance framework, written in both Go and Python, bears clear hallmarks of AI-generated code: redundant comments that restate function names, naive JSON parsing via string matching rather than proper deserialization, and empty documentation stubs.
While functional, the tooling fails under edge cases and non-standard conditions, a consistent limitation that ATI observed throughout the campaign.
Beyond the recon tool, the actor’s infrastructure included dozens of AI-generated scripts in multiple languages: configuration parsers, credential extractors, VPN connection automators, mass-scanning orchestrators, and results aggregation dashboards.
The sheer volume of tooling would normally indicate a well-resourced development team; here, a single actor or very small group generated the entire toolkit through AI-assisted development.
Active Directory and Backup Targeting
Following VPN access to victim networks, the actor deployed well-known open-source offensive tools. Using Meterpreter with the Mimikatz module, the attacker executed DCSync attacks against domain controllers to extract NTLM password hashes. In confirmed compromises, the attacker obtained complete domain credential databases.
In at least one case, the Domain Administrator account used a plaintext password either reused from the FortiGate configuration or independently weak.
Lateral movement followed through pass-the-hash and pass-the-ticket attacks, NTLM relay attacks, and remote command execution on Windows hosts.
The actor specifically targeted Veeam Backup & Replication servers, deploying PowerShell scripts, compiled decryption tools, and known Veeam CVE exploits (including CVE-2023-27532 and CVE-2024-40711), positioning for ransomware deployment by destroying recovery capabilities before encryption.
Crucially, when the actor encountered hardened environments or sophisticated defenses, they consistently moved on rather than persisting, confirming their advantage lies in AI-augmented scale and efficiency, not great technical skill.
Threat Actor Assessment
| Attribute | Assessment |
|---|---|
| Motivation | Financially motivated (suspected ransomware precursor) |
| Language | Russian-speaking (Russian-language operational docs) |
| Skill Level | Low-to-medium, heavily AI-augmented |
| AI Dependency | Heavy; planning, tool development, and in-network pivoting all AI-assisted |
| Operational Security | Inadequate; unencrypted data on public infrastructure |
| Persistence | Low; moves on when automated approaches fail |
The actor is not affiliated with any known advanced persistent threat (APT) group or state-sponsored organization.
Indicators of Compromise
| IOC Value | Type | Active Period | Context |
|---|---|---|---|
| 212[.]11.64.250 | IPv4 | Jan 11 – Feb 18, 2026 | Scanning and exploitation infrastructure |
| 185[.]196.11.225 | IPv4 | Jan 11 – Feb 18, 2026 | Threat operations infrastructure |
Given the actor’s reliance on legitimate open-source tools (Impacket, gogo, Nuclei), organizations should prioritize behavioral detection over signature-based IOC matching: monitor for anomalous VPN authentication patterns, unexpected DCSync activity (Event ID 4662), and lateral movement from VPN address pools.
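The DCSync check recommended above, as an added example (not from Amazon's report): it reads Windows 4662 events in XML export form and flags any account that is not a domain controller machine account exercising a directory-replication right on the domain object. The three replication-right GUIDs and the domainDNS class GUID are the well-known Active Directory values; the sample events and the `ALLOWLIST` account name are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Control-access rights a DCSync caller must exercise on the domain object.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes-All
    "89e95b76-444d-4c62-991a-0facbeda640c",  # DS-Replication-Get-Changes-In-Filtered-Set
}
DOMAIN_DNS_CLASS = "19195a5b-6da0-11d0-afd3-00c04fd930c9"  # objectClass domainDNS
# Accounts expected to replicate, e.g. a directory-sync service account (assumed name).
ALLOWLIST = {"svc_adsync"}

# Constructed 4662 events in Windows XML export form (namespace omitted for brevity).
SAMPLE_EVENTS = """<Events>
<Event><System><EventID>4662</EventID></System><EventData>
<Data Name="SubjectUserName">jdoe</Data><Data Name="AccessMask">0x100</Data>
<Data Name="ObjectType">%{19195a5b-6da0-11d0-afd3-00c04fd930c9}</Data>
<Data Name="Properties">{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}</Data>
</EventData></Event>
<Event><System><EventID>4662</EventID></System><EventData>
<Data Name="SubjectUserName">DC02$</Data><Data Name="AccessMask">0x100</Data>
<Data Name="ObjectType">%{19195a5b-6da0-11d0-afd3-00c04fd930c9}</Data>
<Data Name="Properties">{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}</Data>
</EventData></Event>
<Event><System><EventID>4662</EventID></System><EventData>
<Data Name="SubjectUserName">jdoe</Data><Data Name="AccessMask">0x10</Data>
<Data Name="ObjectType">%{19195a5b-6da0-11d0-afd3-00c04fd930c9}</Data>
<Data Name="Properties">{00000000-0000-0000-0000-000000000000}</Data>
</EventData></Event>
</Events>"""

GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)

def detect_dcsync(xml_text):
    """Return (user, rights) for 4662 events where a non-DC, non-allowlisted
    account exercised a replication right on the domain object."""
    hits = []
    for ev in ET.fromstring(xml_text).iter("Event"):
        if ev.findtext("System/EventID") != "4662":
            continue
        data = {d.get("Name"): (d.text or "") for d in ev.iter("Data")}
        if DOMAIN_DNS_CLASS not in data.get("ObjectType", "").lower():
            continue  # replication rights only matter on the domain object itself
        rights = {g.lower() for g in GUID_RE.findall(data.get("Properties", ""))} & REPLICATION_RIGHTS
        user = data.get("SubjectUserName", "")
        # Domain controllers replicate legitimately; their machine accounts end with '$'.
        if rights and not user.endswith("$") and user.lower() not in ALLOWLIST:
            hits.append((user, sorted(rights)))
    return hits
```

The third sample event (a plain property read on the domain object) and the DC02$ event are the two false-positive shapes this filter is meant to suppress; everything else with a replication GUID should be investigated.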
Recommendations
- Restrict FortiGate management interfaces from internet exposure; require bastion host or out-of-band management access.
- Enforce MFA on all administrative, VPN, and remote access accounts immediately.
- Rotate all SSL-VPN and AD credentials, especially any account whose password may appear in FortiGate configuration exports.
- Audit for password reuse between FortiGate VPN accounts and Active Directory domain accounts.
- Isolate Veeam Backup servers from general network access and enable immutable backup copies.
- Enable Amazon GuardDuty, AWS Inspector, and AWS Security Hub for organizations on AWS infrastructure.
As Amazon’s CISO C.J. Moses stated: “Strong defensive fundamentals remain the most effective countermeasure: patch management for perimeter devices, credential hygiene, network segmentation, and robust detection for post-exploitation indicators.”
FAQ
Q1: How did the threat actor compromise over 600 FortiGate devices without exploiting any vulnerabilities?
By abusing exposed management interfaces and weak single-factor credentials using AI-automated mass scanning and authentication brute-forcing across ports 443, 8443, 10443, and 4443.
Q2: Which commercial AI services were used in the FortiGate attack campaign?
Amazon Threat Intelligence identified at least two distinct commercial LLM providers used for attack planning, tool development, and live operational pivoting, but did not publicly disclose their names.
Q3: What data was stolen from the compromised FortiGate devices?
Attackers extracted full device configurations containing SSL-VPN credentials, administrative passwords, network topology maps, firewall policies, and IPsec VPN peer data, enabling deep network pivoting.
Q4: How can organizations detect if they were affected by this AI-augmented FortiGate campaign?
Monitor for unexpected DCSync operations (Event ID 4662), unusual VPN logins from unfamiliar geolocations, unauthorized PowerShell activity on Veeam servers, and LLMNR/NBT-NS poisoning artifacts in network traffic.
Site: thecybrdef.com