A financially motivated, Russian-speaking threat actor has been using commercial generative artificial intelligence (AI) services to compromise more than 600 FortiGate devices in 55 countries, according to Amazon Threat Intelligence. The activity was observed between January 11 and February 18, 2026.
Instead of exploiting vulnerabilities in FortiGate, the threat actor successfully breached the devices by taking advantage of exposed management ports and weak credentials with single-factor authentication. This campaign highlighted the use of AI by unsophisticated actors to exploit fundamental security gaps at scale.
The threat actor, described as having limited technical capabilities, relied on multiple commercial generative AI tools for various phases of the attack cycle. While one AI tool was the primary backbone of the operation, a second AI tool served as a fallback for pivoting within compromised networks.
Amazon’s investigation revealed that the threat actor is driven by financial gain and is not associated with any advanced persistent threat (APT) group with state-sponsored resources. The use of generative AI tools by threat actors is on the rise, enabling them to scale and accelerate their operations without requiring advanced technical skills.
The attacks allowed the threat actor to breach FortiGate appliances and extract full device configurations, credentials, and network topology information. The stolen data was used for post-exploitation activities, including reconnaissance, credential harvesting, and targeting backup infrastructure in preparation for ransomware deployment.
Organizations are advised to secure their Fortinet appliances by ensuring that management interfaces are not exposed to the internet, changing default credentials, implementing multi-factor authentication, and monitoring for unauthorized access.
As AI-augmented threat activity continues to grow, organizations should focus on strong defensive fundamentals such as patch management, credential hygiene, network segmentation, and robust detection mechanisms.



