A financially motivated, Russian-speaking threat actor has compromised more than 600 FortiGate devices in 55 countries using commercial generative AI tools, according to Amazon Threat Intelligence. The campaign, observed between January 11 and February 18, 2026, exploited exposed management ports and weak credentials rather than FortiGate vulnerabilities. The actor, assessed as having limited technical skills, leveraged AI to enhance their attack methods, creating an “AI-powered assembly line for cybercrime.”

The attacks involved systematic scanning of internet-exposed FortiGate interfaces, which enabled credential extraction and network compromise, particularly targeting Active Directory and backup infrastructure.

Amazon emphasizes the need for organizations to secure management interfaces, enforce strong credentials, and implement multi-factor authentication. Regular audits and software updates are crucial. As AI-augmented cybercrime increases, robust defense strategies such as patch management and network segmentation are vital to protect against evolving threats. Organizations should remain vigilant to safeguard their systems against such emerging techniques.