When Script Kiddies Get a Brain Upgrade: AI-Assisted Attacker Hits 600+ FortiGate Devices Across 55 Countries
Amazon Threat Intelligence reveals that a Russian-speaking actor with limited skills compromised 600+ FortiGate devices using DeepSeek and Claude. The campaign exploited exposed management interfaces and weak credentials, demonstrating how AI has democratized sophisticated attack capabilities.
There's a moment in every cybersecurity professional's career when you realize the game has changed. For many of us, that moment arrived this week when Amazon Threat Intelligence dropped a bombshell report about a Russian-speaking threat actor who, despite having "limited technical capabilities," managed to compromise more than 600 FortiGate devices spanning 55 countries. The secret weapon wasn't a zero-day exploit or access to nation-state resources. It was a subscription to commercial AI services.
Between January 11 and February 18, 2026, this financially motivated attacker ran what Amazon CISO CJ Moses described as an "AI-powered assembly line for cybercrime." The operation targeted FortiGate management interfaces exposed to the internet, scanning across ports 443, 8443, 10443, and 4443 from a single IP address. No sophisticated exploitation was involved. The entire campaign succeeded by targeting the fundamentals we've been preaching about for years: exposed management ports, weak credentials, and single-factor authentication.
What makes this campaign genuinely unsettling isn't the technical sophistication—it's the complete lack of it. The threat actor relied on multiple commercial generative AI tools to handle virtually every phase of the attack lifecycle. One AI tool served as the primary backbone for tool development, attack planning, and command generation, while a second AI tool acted as a fallback specifically for lateral movement within compromised networks. Amazon declined to name the specific AI services involved, but independent research from Cyber and Ramen has since revealed the attackers leveraged DeepSeek for generating attack plans and Anthropic's Claude coding agent for vulnerability assessments and executing offensive tools on victim systems.
The infrastructure behind this operation tells an even more concerning story. When researchers examined the attacker's publicly accessible server at 212.11.64.250, they discovered over 1,400 files spread across 139 subdirectories. The haul included CVE exploit code, stolen FortiGate configuration files, Nuclei scanning templates, Veeam credential extraction tools, and BloodHound collection data mapping Active Directory environments. Perhaps most notable was the presence of a custom Model Context Protocol server named ARXON, designed to process reconnaissance data, invoke DeepSeek for attack planning, and orchestrate modifications to victim infrastructure. A Go-based tool called CHECKER2 handled parallel VPN scanning and target processing.
The source code itself bore all the hallmarks of AI-assisted development. Amazon's analysis found redundant comments that simply restated function names, simplistic architecture with disproportionate investment in formatting over actual functionality, naive JSON parsing through string matching rather than proper deserialization, and compatibility shims with empty documentation stubs. This wasn't the work of a skilled developer. It was the output of someone who learned to prompt their way through programming.
Once inside a FortiGate appliance, the attacker's methodology followed a disturbingly effective playbook. They extracted full device configurations to harvest credentials, network topology information, and device settings. From there, the reconnaissance tool—available in both Go and Python variants—mapped out the victim's environment. The threat actor achieved domain compromise through DCSync attacks, moved laterally using pass-the-hash and pass-the-ticket techniques along with NTLM relay attacks, and specifically targeted Veeam Backup and Replication servers. The focus on backup infrastructure is a classic ransomware precursor, ensuring that when encryption hits, there's no easy recovery path.
The geographic spread of compromises reads like a global tour. Amazon identified victimized organizations across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. The scanning was sector-agnostic, suggesting automated mass enumeration rather than targeted selection. When the attacker encountered hardened environments or sophisticated security controls, they simply dropped the target and moved to easier prey. Why waste time on difficult victims when there are hundreds of softer targets with exposed management interfaces?
Amazon's investigation uncovered something else worth noting: the attacker's own documentation recorded their failures. Targets had either patched vulnerable services, closed the required ports, or simply presented no exploitable vectors. The threat actor wasn't breaking through defenses. They were walking through open doors that organizations had forgotten to lock.
The implications here extend far beyond this particular campaign. What we're witnessing is the democratization of sophisticated attack capabilities. Operations that previously required a large, skilled team can now be executed by a single individual or small group with AI assistance. The barrier to entry for cybercrime has dropped significantly, and the operational scale available to low-skilled attackers has expanded dramatically. A financially motivated individual working alone is now achieving what would have required organized crime resources just a few years ago.
This campaign also highlights a fundamental truth about perimeter security that defenders sometimes forget: the most sophisticated exploit in the world is useless against an organization that doesn't expose its management interfaces to the internet. Every compromised device in this campaign was accessible because someone made a configuration decision to expose FortiGate management ports to the public internet. Every stolen credential worked because organizations hadn't implemented multi-factor authentication for administrative and VPN access. The attacker didn't need to be clever. They just needed to show up.
For organizations running FortiGate appliances, the defensive checklist writes itself. Management interfaces should never be exposed to the internet, period. Default and commonly reused credentials must be changed. SSL-VPN user credentials should be rotated regularly. Multi-factor authentication is non-negotiable for both administrative and VPN access. Organizations should audit their environments for unauthorized administrative accounts or suspicious connections. Backup servers need network isolation. All software must be kept current with patches. And ongoing monitoring for unintended network exposure should be standard practice.
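One way to turn that checklist into a repeatable audit, as an added example that is not from the Amazon report or from Fortinet's own tooling: the script below parses a small FortiOS-style configuration (constructed here; the `config`/`edit`/`set` layout and the `allowaccess`, `role`, `trusthost` and `two-factor` keys are assumed from the FortiOS CLI) and flags WAN-role interfaces that permit management protocols and admin accounts with no trusted-host restriction or two-factor authentication.

```python
# Constructed FortiOS-style config (assumed CLI syntax; not from the report or any real device).
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set role wan
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
        set trusthost1 10.0.0.0 255.255.255.0
        set two-factor fortitoken
    next
    edit "backupsvc"
    next
end
"""
MGMT_ACCESS = {"http", "https", "ssh", "telnet", "snmp"}  # allowaccess values that expose management

def parse_config(text):
    """Parse 'config X / edit Y / set K V... / next / end' into {X: {Y: {K: [V...]}}}."""
    tree, section, entry = {}, None, None
    for parts in filter(None, (line.split() for line in text.splitlines())):
        if parts[0] == "config":
            section, entry = " ".join(parts[1:]), None
            tree.setdefault(section, {})
        elif parts[0] == "edit":
            entry = parts[1].strip('"')
            tree[section].setdefault(entry, {})
        elif parts[0] == "set":
            tree.setdefault(section, {}).setdefault(entry, {})[parts[1]] = parts[2:]
        elif parts[0] == "next":
            entry = None
        elif parts[0] == "end":
            section = entry = None
    return tree

def audit(text):
    """Flag management protocols allowed on WAN-role interfaces and admins without trusthost or 2FA."""
    tree, findings = parse_config(text), []
    for name, attrs in tree.get("system interface", {}).items():
        exposed = MGMT_ACCESS & set(attrs.get("allowaccess", []))
        if attrs.get("role") == ["wan"] and exposed:
            findings.append(f"interface {name}: {sorted(exposed)} allowed on WAN")
    for name, attrs in tree.get("system admin", {}).items():
        if not any(k.startswith("trusthost") for k in attrs):
            findings.append(f"admin {name}: no trusthost restriction")
        if "two-factor" not in attrs:
            findings.append(f"admin {name}: no two-factor authentication")
    return findings
```

Run `audit()` over a configuration exported from each appliance and treat any non-empty result as an item for the remediation list above.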
The broader lesson applies regardless of what network equipment you run. As Moses noted in Amazon's report, AI-augmented threat activity will continue to grow in volume throughout 2026 from both skilled and unskilled adversaries. The most effective countermeasure remains strong defensive fundamentals: rigorous patch management for perimeter devices, credential hygiene, network segmentation, and robust detection for post-exploitation indicators. The fancy tools and sophisticated defenses matter, but they can't compensate for leaving the front door unlocked.
The December 2025 exposure of the same attacker's server revealed the earlier presence of HexStrike AI, an offensive AI framework that made headlines last September. The evolution from using off-the-shelf offensive AI frameworks to building custom MCP servers that maintain a growing knowledge base across targets suggests this threat actor is learning and scaling their operation. A single operator managing simultaneous intrusions across multiple countries with analytical support at every stage represents a new paradigm in cybercrime economics.
We've spent years warning about the potential for AI to supercharge threat actors. This campaign is the proof point. An unsophisticated attacker with access to commercial AI tools achieved the operational footprint of a mid-sized cybercrime operation. They developed custom tooling, generated attack plans, processed reconnaissance data, and maintained persistence across hundreds of devices globally. The future of cybercrime isn't coming. It's already here, and it's running on the same AI services we use to write emails and summarize documents.
The 600 organizations caught in this campaign probably aren't feeling great right now. But for the rest of us, this is a wake-up call. The fundamentals matter more than ever. Patch your perimeter devices. Secure your management interfaces. Implement MFA everywhere. Rotate your credentials. Because the next threat actor knocking on your door might be using AI to work through a list of a thousand targets at once, and they only need you to have made one mistake.