When AI Does the Hacking for You: 600+ FortiGate Devices Compromised Across 55 Countries

Amazon Threat Intelligence documents a Russian-speaking threat actor who compromised 600+ FortiGate devices across 55 countries using AI-assisted tools. No zero-days were exploited—just exposed management interfaces and weak credentials, with generative AI helping an unsophisticated attacker scale their operations.

By Danny, Feb 22, 2026

If you needed proof that generative AI has fundamentally changed the threat landscape, here it is: a Russian-speaking threat actor with admittedly limited technical skills just compromised over 600 FortiGate devices across 55 countries. The kicker? They did it by letting commercial AI tools do most of the heavy lifting.

Amazon Threat Intelligence dropped this bombshell in a report published Friday, documenting a campaign that ran from January 11 through February 18, 2026. What makes this particularly noteworthy isn't the sophistication of the attack—it's the complete lack of it. No zero-days were exploited. No novel vulnerabilities were leveraged. The threat actor simply found FortiGate devices with management interfaces exposed to the internet, then used AI to help them brute-force weak credentials at scale.

"No exploitation of FortiGate vulnerabilities was observed—instead, this campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale," explained CJ Moses, Chief Information Security Officer at Amazon Integrated Security. That's a polite way of saying hundreds of organizations got owned because they left the front door unlocked.

The threat actor, assessed to be financially motivated rather than state-sponsored, relied on multiple commercial generative AI services throughout the attack cycle. One AI tool served as the primary backbone for operations, while a second acted as backup when they needed help pivoting within compromised networks. Amazon declined to name which AI platforms were abused, but the implications are clear: the barriers to entry for cybercrime continue to crumble.

What's particularly fascinating is how the AI augmentation manifested in the attacker's custom tooling. Amazon's analysis of reconnaissance tools written in both Go and Python revealed telltale signs of AI-assisted development, including redundant comments that simply restated function names, simplistic architecture with disproportionate focus on formatting over functionality, and naive JSON parsing through string matching rather than proper deserialization. The code worked, but it had all the elegance of a term paper written the night before it was due.

The campaign followed a methodical pattern. Systematic scanning of FortiGate management interfaces across ports 443, 8443, 10443, and 4443 originated from a single IP address. The scans were sector-agnostic, indicating pure automation rather than targeted selection. Once the attackers gained initial access through credential stuffing, they extracted full device configurations that exposed internal credentials, network topology, and additional configuration data.

From there, the post-exploitation playbook was straight out of a ransomware operator's handbook. The threat actor compromised multiple organizations' Active Directory environments through DCSync attacks, moved laterally via pass-the-hash and NTLM relay techniques, and specifically targeted Veeam Backup and Replication servers using known vulnerabilities like CVE-2023-27532 and CVE-2024-40711. That last detail is telling—when attackers go after your backup infrastructure, they're not just stealing data. They're preparing to hold your entire environment hostage.

Perhaps the most revealing aspect of Amazon's investigation was what the threat actor didn't do. Their own documentation, discovered on publicly accessible infrastructure, recorded repeated failures when attempting to exploit anything beyond the most straightforward attack paths. When targets had patched their services, closed vulnerable ports, or lacked obvious exploitation vectors, the attackers simply moved on to softer victims. This isn't the behavior of a sophisticated APT—it's a cybercriminal doing cost-benefit analysis, letting AI help them find the low-hanging fruit.

The geographic distribution of compromised devices spans South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. Amazon observed organizational-level compromise where multiple FortiGate devices belonging to the same entity were accessed, suggesting the attackers successfully leveraged initial footholds to expand their access.

For defenders, the remediation guidance is frustratingly basic: don't expose management interfaces to the internet, change default and commonly reused credentials, rotate SSL-VPN user credentials, implement multi-factor authentication for administrative and VPN access, and audit for unauthorized accounts or connections. Isolate backup servers, keep software updated, and monitor for post-exploitation indicators. None of this is revolutionary advice—it's Security 101 that too many organizations still aren't following.
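The scanning pattern described earlier (one source IP working through the management ports with many credential guesses) and the monitoring advice above suggest a simple detection. The following Python is an added example, not code from Amazon's report or this article: it parses constructed log lines that only approximate FortiGate's key=value event-log format (the field names logdesc, srcip, dstport, action and status are assumptions) and flags a source that fails admin logins across several usernames, recording any later success and the ports it touched.

```python
"""Flag FortiGate admin-login credential stuffing from key=value event logs.
Constructed sample lines approximate the format; field names are assumptions."""
import re
from collections import defaultdict

# Constructed sample: one source hammers two management ports with several usernames.
SAMPLE_LOGS = """\
date=2026-01-12 time=03:14:07 logdesc="Admin login failed" user="admin" srcip=203.0.113.5 dstport=8443 action="login" status="failed"
date=2026-01-12 time=03:14:09 logdesc="Admin login failed" user="administrator" srcip=203.0.113.5 dstport=8443 action="login" status="failed"
date=2026-01-12 time=03:14:11 logdesc="Admin login failed" user="fortinet" srcip=203.0.113.5 dstport=8443 action="login" status="failed"
date=2026-01-12 time=03:14:13 logdesc="Admin login failed" user="admin" srcip=203.0.113.5 dstport=10443 action="login" status="failed"
date=2026-01-12 time=03:14:15 logdesc="Admin login failed" user="support" srcip=203.0.113.5 dstport=10443 action="login" status="failed"
date=2026-01-12 time=03:14:18 logdesc="Admin login successful" user="support" srcip=203.0.113.5 dstport=10443 action="login" status="success"
date=2026-01-12 time=09:02:41 logdesc="Admin login failed" user="jsmith" srcip=198.51.100.7 dstport=443 action="login" status="failed"
date=2026-01-12 time=09:02:55 logdesc="Admin login successful" user="jsmith" srcip=198.51.100.7 dstport=443 action="login" status="success"
"""

# key=value pairs; values are either "quoted strings" or bare tokens.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Parse one key=value log line into a dict (quotes stripped)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}

def detect_credential_stuffing(lines, fail_threshold=5, user_threshold=3):
    """Flag a source IP that fails at least fail_threshold admin logins across
    at least user_threshold distinct usernames (stuffing, not one mistyped
    password); record any later success and the management ports touched."""
    fails, users, ports = defaultdict(int), defaultdict(set), defaultdict(set)
    success_after_fail = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev.get("action") != "login":
            continue
        src = ev.get("srcip")
        ports[src].add(int(ev.get("dstport", 0)))
        if ev.get("status") == "failed":
            fails[src] += 1
            users[src].add(ev.get("user"))
        elif ev.get("status") == "success" and fails[src] > 0:
            success_after_fail[src].append(ev.get("user"))
    return {src: {"failures": n, "usernames": sorted(users[src]),
                  "ports": sorted(ports[src]), "success_as": success_after_fail[src]}
            for src, n in fails.items()
            if n >= fail_threshold and len(users[src]) >= user_threshold}

if __name__ == "__main__":
    print(detect_credential_stuffing(SAMPLE_LOGS.splitlines()))
```

A single user mistyping a password (the second source) stays below both thresholds, while a success recorded after the burst is the signal to rotate that account's credentials and audit the device configuration.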

"As we expect this trend to continue in 2026, organizations should anticipate that AI-augmented threat activity will continue to grow in volume from both skilled and unskilled adversaries," Moses concluded. "Strong defensive fundamentals remain the most effective countermeasure."

The uncomfortable truth is that AI isn't giving attackers new superpowers—it's making existing attack techniques accessible to people who previously lacked the skills to execute them. When a threat actor can compromise 600 devices across 55 countries using borrowed intelligence, your perimeter security assumptions need to change. The script kiddies of today have very capable tutors.

Target Sectors

Enterprise, All Sectors

Target Regions

South Asia, Latin America, Caribbean, West Africa, Northern Europe, Southeast Asia

Tags

FortiGate, Fortinet, AI, Generative AI, Credential Stuffing, Veeam, DCSync, Russia