
AI-Assisted Hacker Breaches 600+ FortiGate Firewalls Across 55 Countries

Codex Consulting Group · 6 min read

Overview

What happens when you hand a low-skilled threat actor access to commercial AI tools? They breach 600+ FortiGate firewalls across 55 countries in five weeks. That is the core finding from an Amazon Threat Intelligence report published this week, detailing a campaign that ran from January 11 through February 18, 2026.

The attacker did not exploit any FortiGate vulnerabilities. Not a single zero-day, no CVE exploitation. Instead, they scanned for exposed management interfaces and brute-forced weak credentials that lacked multi-factor authentication. AI filled in the gaps where the attacker’s skills fell short, turning what would normally require a sizable team into a one-person operation.

Technical Details

Amazon’s CISO, CJ Moses, described the threat actor as Russian-speaking, financially motivated, and possessing limited technical capabilities. The actor used at least two commercial generative AI services throughout the campaign: one as the primary backbone of the operation, and a second as a fallback for pivoting within compromised networks. Amazon did not name the AI tools in its initial report.

Separate research from the Cyber and Ramen security blog filled in that gap. According to their analysis of the same attacker’s exposed server (hosted at 212.11.64[.]250), the actor used DeepSeek to generate attack plans from reconnaissance data and Anthropic Claude’s coding agent to produce vulnerability assessments. In some cases, Claude Code was configured to execute offensive tools autonomously, including Impacket scripts, Metasploit modules, and hashcat, without requiring the attacker to approve each command.

Initial Access

The campaign started with systematic scanning of FortiGate management interfaces exposed on ports 443, 8443, 10443, and 4443. The targeting was sector-agnostic, purely opportunistic scanning for vulnerable appliances. Once the actor found an exposed management port, they attempted authentication using commonly reused credentials.

No sophistication required. If your FortiGate management interface was reachable from the internet and protected by a weak, single-factor password, you were a target.

Post-Compromise Activity

After gaining access, the attacker extracted full device configurations from breached FortiGate appliances. These configuration files contain a goldmine of sensitive data:

  1. SSL-VPN user credentials with recoverable passwords
  2. Administrative credentials
  3. Firewall policies and internal network architecture
  4. IPsec VPN configurations and routing information

The stolen configurations were parsed using AI-assisted Python and Go tools. Amazon noted clear signs of AI-generated code in these tools: redundant comments restating function names, naive JSON parsing via string matching instead of proper deserialization, and compatibility shims with empty documentation stubs. The tools were functional enough to get the job done, but brittle, failing under edge cases.

Lateral Movement and Ransomware Staging

With VPN access established, the actor deployed custom reconnaissance tools to map internal networks, identify domain controllers, and locate backup infrastructure. The post-exploitation playbook included:

  1. DCSync attacks against Windows domain controllers to extract NTLM password hashes
  2. Pass-the-hash and NTLM relay attacks for lateral movement
  3. Targeted compromise of Veeam Backup & Replication servers using custom PowerShell scripts and attempts to exploit CVE-2023-27532 and CVE-2024-40711

That last point is worth pausing on. Targeting backup infrastructure is a textbook pre-ransomware move. You take out the backups first, then deploy the payload. Amazon assessed this campaign was likely building toward ransomware deployment.

The AI Infrastructure

The exposed server revealed a surprisingly sophisticated AI-powered attack pipeline. It contained 1,402 files across 139 subdirectories, including CVE exploit code, FortiGate configuration files, Nuclei scanning templates, and Veeam credential extraction tools.

The centerpiece was a custom Model Context Protocol (MCP) server named ARXON that acted as a bridge between reconnaissance data and the large language models. ARXON processed scan results, fed them to DeepSeek for attack planning, and used output scripts to modify victim infrastructure. A separate Go-based orchestrator called CHECKER2 handled parallel VPN scanning, with logs showing over 2,500 potential targets across more than 100 countries.

Think about that for a moment. A single operator, with limited technical skills, managing simultaneous intrusions across dozens of countries because AI handled the analytical heavy lifting at every stage of the kill chain.

Where the Attacker Failed

One detail in the report stood out. When the threat actor encountered hardened environments or patched systems, they simply moved on to the next target. Their operational notes documented multiple failures, recording that targets had “patched the services, closed the required ports, or had no vulnerable exploitation vectors.”

The attacker could not get past basic security hygiene. AI gave them scale, but it did not give them the ability to defeat properly configured defenses.

Impact

This campaign compromised organizations across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. Amazon confirmed multiple organizations had their Active Directory environments fully compromised, with complete credential databases extracted. The compromises were organizational-level, meaning multiple FortiGate devices belonging to the same entity were breached.

The broader implication goes beyond this single campaign. Commercial AI tools are democratizing offensive capabilities that previously required significant expertise and team size. Amazon described the operation as “an AI-powered assembly line for cybercrime.” This is not the first time we have seen threat actors using AI in attacks, but the scale and automation here represent a meaningful escalation.

For organizations running Fortinet appliances (and that is a lot of organizations), this is a clear signal that exposed management interfaces with weak credentials are being actively hunted at industrial scale.

Recommendations

  1. Ensure FortiGate management interfaces are not exposed to the internet. If remote management access is required, restrict it to specific IP addresses or access it only through a dedicated management VPN.

  2. Enable multi-factor authentication for all administrative and VPN access. The entire campaign relied on single-factor credentials. MFA would have stopped the initial access dead.

  3. Rotate SSL-VPN user credentials immediately. If your FortiGate’s management interface was exposed during the January 11 to February 18 window, assume credentials may have been compromised. Ensure VPN passwords are not the same as Active Directory passwords.

  4. Audit for unauthorized administrative accounts or VPN connections. Look for any accounts created during the campaign timeframe and review VPN connection logs for anomalous geographic sources.

  5. Isolate backup infrastructure from general network access. The attacker specifically targeted Veeam servers as a precursor to ransomware. Backup servers should be segmented and hardened, with offline or immutable backup copies maintained.

  6. Monitor the published indicator of compromise. The primary scanning IP was 212.11.64[.]250. Check your firewall logs for connections from this address across ports 443, 8443, 10443, and 4443 during the campaign period.

  7. Patch known Veeam vulnerabilities. Ensure CVE-2023-27532 and CVE-2024-40711 are remediated on all Veeam Backup & Replication servers in your environment.
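As a starting point for recommendations 4 and 6, the following Python script is an added example (not code from the report or from either cited vendor). It parses FortiGate-style key=value syslog lines, flags traffic from the published scanning IP on the four management ports inside the campaign window, and flags successful admin logins from any source outside a hypothetical trusted-source allowlist. The sample log lines and the allowlist address are constructed for this example.

```python
import re
from datetime import date, datetime

# Published indicator and campaign window from the report.
SCANNER_IP = "212.11.64.250"
MGMT_PORTS = {443, 8443, 10443, 4443}
WINDOW = (date(2026, 1, 11), date(2026, 2, 18))
# Hypothetical allowlist of management sources (assumption for the example).
TRUSTED_ADMIN_SRC = {"10.0.0.5"}

# FortiGate logs are key=value pairs; values may be quoted strings.
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample lines in FortiGate syslog style (not real device output).
SAMPLE_LOGS = [
    'date=2026-01-20 time=02:11:05 type="traffic" subtype="local" srcip=212.11.64.250 '
    'srcport=51234 dstip=203.0.113.10 dstport=10443 action="accept"',
    'date=2026-01-20 time=02:11:09 type="event" subtype="system" logdesc="Admin login successful" '
    'user="admin" srcip=212.11.64.250 method="https" status="success"',
    'date=2026-01-21 time=09:00:00 type="event" subtype="system" logdesc="Admin login successful" '
    'user="netops" srcip=10.0.0.5 method="https" status="success"',
    'date=2025-12-30 time=23:59:00 type="traffic" subtype="local" srcip=212.11.64.250 '
    'srcport=40000 dstip=203.0.113.10 dstport=443 action="accept"',
]

def parse_line(line):
    """Split one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def review(lines):
    """Return findings for lines inside the campaign window that match the IoC
    on a management port or show an admin login from an untrusted source."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        try:
            day = datetime.strptime(rec.get("date", ""), "%Y-%m-%d").date()
        except ValueError:
            continue  # malformed or missing date: cannot place it in the window
        if not (WINDOW[0] <= day <= WINDOW[1]):
            continue
        src = rec.get("srcip")
        port = int(rec.get("dstport") or 0)
        if src == SCANNER_IP and port in MGMT_PORTS:
            findings.append(("ioc-hit", src, port, rec["date"]))
        if (rec.get("logdesc", "").startswith("Admin login")
                and rec.get("status") == "success" and src not in TRUSTED_ADMIN_SRC):
            findings.append(("untrusted-admin-login", src, rec.get("user"), rec["date"]))
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE_LOGS):
        print(f)
```

Point `review()` at your exported FortiGate event and local-traffic logs for the window; a hit on the second rule for an account you do not recognize is the account-audit step of recommendation 4.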

How Codex Can Help

If your organization runs FortiGate appliances and you are concerned about exposure from this campaign, reach out. Our team can help with:

  • Compromise assessment to determine whether your FortiGate devices or internal networks show signs of unauthorized access from this or similar campaigns
  • Firewall configuration review to identify exposed management interfaces, weak credential policies, and missing MFA across your perimeter devices
  • Penetration testing targeting your edge infrastructure, VPN configurations, and backup systems to validate your defenses against these exact attack techniques
  • Incident response if you discover indicators of compromise matching this campaign in your environment

We have been helping organizations secure their perimeter infrastructure since before AI started writing attack plans. That experience matters more now than ever.

Sources

  1. https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html
  2. https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/