Full Report
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. "No exploitation of FortiGate
Analysis Summary
# Incident Report: AI-Augmented FortiGate Compromise Campaign
## Executive Summary
A Russian-speaking, financially motivated threat actor used commercial generative AI services to scale an attack campaign against over 600 FortiGate devices in 55 countries. By utilizing AI to bridge technical skill gaps, the actor successfully exploited weak credentials on exposed management ports to facilitate Active Directory compromises and credential harvesting. Amazon Threat Intelligence disrupted the activity, which appeared to be a precursor to large-scale ransomware deployment.
## Incident Details
- **Discovery Date:** Observed between January 11 and February 18, 2026
- **Incident Date:** January 11 – February 18, 2026
- **Affected Organization:** 600+ organizations (unnamed)
- **Sector:** Sector-agnostic (Mass automated scanning)
- **Geography:** 55 countries globally
## Timeline of Events
### Initial Access
- **Date/Time:** Commencing January 11, 2026.
- **Vector:** Exploitation of exposed management interfaces and credential stuffing/spraying.
- **Details:** The actor targeted FortiGate management ports (443, 8443, 10443, and 4443) that were exposed to the internet and protected only by weak credentials and single-factor authentication.
### Lateral Movement
- **Details:** Once the FortiGate appliances were breached, the actor extracted device configurations to map network topologies. They used AI-assisted pivoting techniques to move from the perimeter into internal Active Directory (AD) environments.
### Data Exfiltration/Impact
- **Details:** The actor extracted complete Active Directory credential databases and targeted backup infrastructure. Full device configurations from FortiGate appliances were also stolen.
### Detection & Response
- **How it was discovered:** Amazon Threat Intelligence monitored threat actor infrastructure and identified publicly accessible repositories containing attack artifacts.
- **Response actions taken:** Amazon investigated the actor's AI-generated attack plans and source code, leading to the identification of the campaign's scope and subsequent disruption efforts.
## Attack Methodology
- **Initial Access:** Scanning and brute-forcing exposed FortiGate management ports using weak/reused credentials.
- **Persistence:** Not explicitly detailed, though AD compromise suggests deep-seated access.
- **Privilege Escalation:** Reported only as being assisted by AI-generated "fallback" tooling used for pivoting; no specific escalation technique is detailed.
- **Defense Evasion:** Dropping targets with hardened environments in favor of "soft victims" to maintain operational tempo.
- **Credential Access:** Extraction of full AD credential databases and FortiGate configuration files containing secrets.
- **Discovery:** Internet-wide scanning for ports 443, 8443, 10443, and 4443; use of the Nuclei vulnerability scanner.
- **Lateral Movement:** Utilizing stolen network topology data to move from firewalls to internal servers.
- **Collection:** Gathering configuration files, network maps, and credential stores.
- **Exfiltration:** Transferring stolen AD databases to actor-controlled infrastructure.
- **Impact:** Targeting of backup infrastructure, typically a precursor to ransomware.
## Impact Assessment
- **Financial:** High potential cost; activity was consistent with preparation for ransomware.
- **Data Breach:** Compromise of internal network credentials and device configurations for over 600 entities.
- **Operational:** Disruption to security perimeter devices; potential for full network lockdown via ransomware.
- **Reputational:** High-profile exposure of 600+ organizations' failure to secure management interfaces.
## Indicators of Compromise
- **Network indicators:** `212.11.64[.]250` (Primary scanning IP).
- **File indicators:** Custom tooling source code and AI-generated attack plans (specific hashes not provided in summary).
- **Behavioral indicators:** Excessive authentication attempts on FortiGate ports 443, 8443, 10443, and 4443; unauthorized access to backup systems.
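The behavioral indicator above (excessive authentication attempts against exposed management ports) is the one most organizations can act on immediately. The following Python snippet is an added example, not code from Amazon's report or from Fortinet: it parses constructed FortiOS-style admin-login event logs (key=value fields; the `logid`, `status` and `srcip` field names follow the FortiOS convention, the sample values are made up apart from the scanning IP from this report) and flags any source that produces a burst of failed admin logins, noting whether a success followed, which is the signature of a credential-spray that found a weak password.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the style of FortiOS admin-login event logs.
# Only the scanning IP (212.11.64.250) comes from the report; users, times and
# internal addresses are invented for illustration.
SAMPLE_LOGS = [
    'date=2026-01-12 time=03:14:01 logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" method="https" srcip=212.11.64.250 dstip=10.0.0.1 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-01-12 time=03:14:02 logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" method="https" srcip=212.11.64.250 dstip=10.0.0.1 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-01-12 time=03:14:04 logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="administrator" method="https" srcip=212.11.64.250 dstip=10.0.0.1 action="login" status="failed" reason="name_invalid"',
    'date=2026-01-12 time=03:14:06 logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="fortinet" method="https" srcip=212.11.64.250 dstip=10.0.0.1 action="login" status="failed" reason="name_invalid"',
    'date=2026-01-12 time=03:14:08 logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="fortiadmin" method="https" srcip=212.11.64.250 dstip=10.0.0.1 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-01-12 time=03:14:09 logid="0100032001" type="event" subtype="system" level="information" logdesc="Admin login successful" user="fortiadmin" method="https" srcip=212.11.64.250 dstip=10.0.0.1 action="login" status="success" reason="none"',
    # Benign: an internal operator mistypes a password once, then logs in.
    'date=2026-01-12 time=09:00:00 logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="ops" method="https" srcip=10.0.5.20 dstip=10.0.0.1 action="login" status="failed" reason="passwd_invalid"',
    'date=2026-01-12 time=09:00:10 logid="0100032001" type="event" subtype="system" level="information" logdesc="Admin login successful" user="ops" method="https" srcip=10.0.5.20 dstip=10.0.0.1 action="login" status="success" reason="none"',
]

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortios_line(line):
    """Return a dict of the key=value fields on one FortiOS-style log line."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def detect_admin_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failed admin logins inside one sliding window.

    Returns {srcip: {"failed_attempts", "users_tried", "success_after_failures"}}.
    `success_after_failures` is the user name of the first successful login from
    that source after the burst began (None if there was none): a success after
    a spray means a credential was guessed and the device should be treated as
    compromised, not merely probed.
    """
    events = defaultdict(list)  # srcip -> [(timestamp, user, status)]
    for line in lines:
        f = parse_fortios_line(line)
        if f.get("type") != "event" or f.get("action") != "login":
            continue
        ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
        events[f["srcip"]].append((ts, f.get("user", "?"), f.get("status")))

    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        failures = [e for e in evs if e[2] == "failed"]
        for i in range(len(failures)):
            j = i
            while j < len(failures) and failures[j][0] - failures[i][0] <= window:
                j += 1
            if j - i >= threshold:
                first_fail = failures[i][0]
                successes = [(ts, u) for ts, u, s in evs if s == "success" and ts >= first_fail]
                alerts[ip] = {
                    "failed_attempts": j - i,
                    "users_tried": sorted({u for _, u, _ in failures[i:j]}),
                    "success_after_failures": successes[0][1] if successes else None,
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, report in detect_admin_bruteforce(SAMPLE_LOGS).items():
        print(ip, report)
```

Run against the constructed sample, only the scanning IP is reported (five failures across four user names, then a success as `fortiadmin`); the single internal mistype is ignored. On a real deployment the same logic would run on logs forwarded to a SIEM, with the threshold tuned to the number of administrators who legitimately log in from each source.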
## Response Actions
- **Containment measures:** Identification of the primary attacking IP address for blocking.
- **Eradication steps:** Clearing of attacker artifacts from compromised AD environments.
- **Recovery actions:** Strengthening of management interface security and credential resets.
## Lessons Learned
- **AI as a Skill-Gap Bridge:** Generative AI allows unsophisticated actors to operate at the scale of professional APT groups by automating planning and tool development.
- **Basic Hygiene Failures:** Despite the high-tech AI involvement, the root cause was the lack of Multi-Factor Authentication (MFA) and exposed management ports.
- **Target Selection:** Actors are increasingly using "AI assembly lines" to quickly identify and pivot away from hardened targets toward easier victims.
## Recommendations
- **Disable Public Management:** Ensure FortiGate management interfaces are not accessible from the public internet.
- **Enforce MFA:** Mandatory Multi-Factor Authentication for all administrative access, especially on perimeter devices.
- **Credential Policy:** Implement strong, unique password requirements to prevent credential stuffing.
- **Vulnerability Management:** Regularly audit internet-facing assets for exposed ports and utilize scanners to identify what an attacker sees.
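The four recommendations above map directly onto a handful of FortiOS configuration settings, and they can be checked mechanically from a configuration backup rather than by logging into each device. The following Python script is an added example, not code from Amazon's report or from Fortinet: it parses the `config` / `edit` / `set` / `next` / `end` structure of a FortiOS CLI configuration and reports interfaces with the WAN role that still allow management protocols, administrators without `trusthost` restrictions or two-factor authentication, and a lockout threshold above the default. The two configurations embedded below are constructed (a weak one beside its hardened form, with a placeholder FortiToken serial); the setting names are real FortiOS keys, and the parser assumes flat sections without nested sub-tables.

```python
import shlex

# Constructed weak configuration: management reachable on the WAN interface,
# a single-factor admin with no trusted-host restriction, and a lenient lockout.
WEAK_CONFIG = """
config system global
    set admin-sport 10443
    set admin-lockout-threshold 10
end
config system interface
    edit "wan1"
        set role wan
        set allowaccess ping https ssh
    next
    edit "internal"
        set role lan
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
end
"""

# Constructed hardened form of the same configuration. The FortiToken serial is
# a placeholder, not a real token.
HARDENED_CONFIG = """
config system global
    set admin-sport 10443
    set admin-lockout-threshold 3
    set admin-lockout-duration 300
end
config system interface
    edit "wan1"
        set role wan
        set allowaccess ping
    next
    edit "internal"
        set role lan
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set trusthost1 10.0.5.0 255.255.255.0
        set two-factor fortitoken
        set fortitoken "FTK-SERIAL-PLACEHOLDER"
    next
end
"""

MGMT_PROTOCOLS = {"https", "http", "ssh", "telnet"}


def parse_fortios_config(text):
    """Parse FortiOS CLI syntax into {section: {entry_name: {key: [values]}}}.

    Settings placed directly under a section (no `edit`, e.g. `config system global`)
    are stored under the pseudo-entry "_global". Nested sub-tables are parsed as
    their own sections rather than attached to the enclosing entry (simplification).
    """
    tree, stack, section, entry = {}, [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)
        cmd = tok[0]
        if cmd == "config":
            section = " ".join(tok[1:])
            tree.setdefault(section, {})
            stack.append(section)
            entry = None
        elif cmd == "edit":
            entry = tree[section].setdefault(tok[1], {})
        elif cmd == "set":
            target = entry if entry is not None else tree[section].setdefault("_global", {})
            target[tok[1]] = tok[2:]
        elif cmd == "next":
            entry = None
        elif cmd == "end":
            stack.pop()
            section = stack[-1] if stack else None
            entry = None
    return tree


def audit_fortigate_config(text, lockout_threshold_max=3):
    """Return a list of human-readable findings; an empty list means all checks passed."""
    cfg = parse_fortios_config(text)
    findings = []
    # 1. Disable public management: no management protocol on WAN-role interfaces.
    for name, iface in cfg.get("system interface", {}).items():
        if name != "_global" and iface.get("role", [""])[0] == "wan":
            exposed = MGMT_PROTOCOLS & set(iface.get("allowaccess", []))
            if exposed:
                findings.append(f"interface {name}: {sorted(exposed)} allowed on a WAN-role interface")
    # 2. Enforce MFA and restrict admin sources.
    for name, admin in cfg.get("system admin", {}).items():
        if name == "_global":
            continue
        if admin.get("two-factor", ["disable"])[0] == "disable":
            findings.append(f"admin {name}: two-factor authentication not enabled")
        if not any(k.startswith("trusthost") for k in admin):
            findings.append(f"admin {name}: no trusthost restriction")
    # 3. Credential policy: lock out quickly on repeated failures (FortiOS default is 3).
    glob = cfg.get("system global", {}).get("_global", {})
    threshold = int(glob.get("admin-lockout-threshold", ["3"])[0])
    if threshold > lockout_threshold_max:
        findings.append(f"system global: admin-lockout-threshold {threshold} exceeds {lockout_threshold_max}")
    return findings


if __name__ == "__main__":
    for label, cfg_text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_fortigate_config(cfg_text) or "OK")
```

The weak configuration yields four findings and the hardened one none. Pointing the script at exported backups of every FortiGate in the fleet gives the "what an attacker sees" inventory that the last recommendation asks for, from the inside rather than by scanning.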