The evolution of generative AI from a niche research topic to mainstream commercial services has enabled a shift in cyber threat dynamics. Recently, Amazon Threat Intelligence documented a campaign where a relatively unsophisticated adversary leveraged multiple commercial AI models to automate and scale credential-based attacks against internet-exposed FortiGate appliances. This activity underscores how AI is lowering the barrier to executing offensive operations at scale—even without deep technical expertise.
Campaign Summary and Threat Actor Profile
Between January 11 and February 18, 2026, the threat actor systematically targeted FortiGate firewall devices across more than 55 countries, compromising over 600 appliances. Rather than exploiting software vulnerabilities in FortiGate OS, the actor relied on exposed management interfaces and weak authentication, including default or reused credentials with single-factor access controls.
Key assessments by Amazon Threat Intelligence include:
- Motivation: Financially driven, indicated by indiscriminate mass targeting rather than strategic selection of high-value victims.
- Skill Level: Baseline technical capability augmented via AI. The actor automated standard offensive tasks such as scanning, credential guessing, and post-exploit reconnaissance using AI-generated scripts and workflows.
- AI Usage: Extensive use of at least two distinct commercial generative AI services to assist in code generation, reconnaissance planning, command construction, and operational playbooks.
- Operational Pattern: Opportunistic scanning and exploitation; failure against well-defended or hardened environments leads to abandonment of targets rather than persistence.
This profile exemplifies a shift in the threat landscape: AI serves as a force multiplier that enables low-skill actors to operationalize well-known attack techniques at internet scale.
Technical Breakdown of the Attack Lifecycle
1. Initial Access via Mass Credential Abuse
The actor performed systematic scanning of public IP spaces for FortiGate management ports (e.g., 443, 8443) and attempted authentication using lists of common or default credentials. Upon successful authentication, they extracted full device configuration files, which often contain:
- Administrative credentials
- SSL-VPN user credentials
- Network topology and policy information
- IPsec peer configurations
These configuration files were parsed and decrypted using AI-augmented Python tooling, enabling credential harvesting and lateral pivot planning.
2. AI-Generated Reconnaissance and Custom Tooling
After initial access, the actor deployed custom reconnaissance frameworks built from AI-generated code. Although functional, the source exhibits typical markers of automated code generation—verbose comments, simplistic parsing logic, and a lack of edge-case resilience. These tools orchestrated tasks such as:
- Network host discovery and service enumeration
- Classification of network targets
- Integration with scanners (e.g., Nuclei)
- Prioritized attack path construction
While the core tooling lacked robustness, its volume and diversity enabled rapid automation across a wide attack surface.
3. Post-Exploitation Activities
Upon gaining internal network access through compromised VPN credentials, the actor attempted standard post-exploit actions:
- Domain compromise via credential harvesting and DCSync attacks
- Lateral movement using pass-the-hash and NTLM relay techniques
- Backup infrastructure targeting, especially servers like Veeam Backup & Replication, which often store elevated credentials crucial for full environment compromise
These activities mirror pre-ransomware playbooks seen in more sophisticated threat groups, though actual ransomware deployment was not confirmed.
AI as an Operational Catalyst
The campaign’s defining characteristic is not novel exploit techniques but how AI enabled automation and scale. Instead of crafting exploits or bespoke tools, the threat actor relied on generative models to:
- Produce attack methodologies and strategic plans
- Generate command sequences and tooling templates
- Assist in pivoting through unfamiliar network environments
The result is a highly automated workflow where AI effectively replaces parts of the manual scripting and planning phase normally performed by experienced operators. However, the actor’s inability to adapt when automated approaches fail highlights a dependency on AI for procedural tasks rather than deep technical synthesis.
Defensive Recommendations for Security Teams
The root cause of the campaign’s success was poor security hygiene, not undiscovered vulnerabilities. Organizations can mitigate similar threats through several engineering and operational practices:
FortiGate Hardening
- Remove or restrict internet-accessible management interfaces
- Implement IP allow-listing and secure bastion hosts
- Disable default accounts and enforce unique credentials
- Enable multi-factor authentication (MFA) for administrative and VPN access
- Audit VPN and administrative logs for anomalous geographic access patterns
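The checks above can be applied mechanically to a device's configuration export. The following is an added example (not Amazon's tooling and not Fortinet's own code): a small Python audit that parses a FortiOS-style `config ... edit ... set ... next ... end` export and flags the conditions this campaign relied on: management services listed under `allowaccess` on a WAN-role interface, administrator accounts with no `trusthost` restriction or no `two-factor` setting, and the default `admin` account still in use. The configuration text, interface names, and account names are constructed for the example; treating an absent `two-factor` setting as disabled is an assumption.

```python
import shlex
from typing import Dict, List

# Constructed sample in FortiOS-style configuration syntax (not from any real
# device). port1 exposes HTTPS/SSH on a WAN-role interface and the default
# "admin" account has neither a trusthost restriction nor two-factor auth.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set role wan
        set allowaccess ping https ssh
    next
    edit "port2"
        set role lan
        set allowaccess ping https
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "netops"
        set accprofile "super_admin"
        set trusthost1 10.10.0.0 255.255.255.0
        set two-factor fortitoken
        set vdom "root"
    next
end
"""

# Services that grant device management when listed under "allowaccess".
MGMT_SERVICES = {"http", "https", "ssh", "telnet", "snmp"}

Section = Dict[str, Dict[str, List[str]]]  # entry name -> setting -> values


def parse_fortios(text: str) -> Dict[str, Section]:
    """Parse config/edit/set/next/end blocks into {section: {entry: {key: values}}}.

    Sub-blocks nested inside an entry (a second "config ... end" level) are
    skipped; this audit only needs the top-level settings of each entry.
    """
    sections: Dict[str, Section] = {}
    section = entry = None
    nested = 0
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # handles the quoted names FortiOS emits
        if not tokens:
            continue
        kw, args = tokens[0], tokens[1:]
        if kw == "config":
            if section is None:
                section = " ".join(args)
                sections.setdefault(section, {})
            else:
                nested += 1            # entering a nested sub-block
        elif nested:
            if kw == "end":
                nested -= 1            # leaving a nested sub-block
        elif kw == "edit" and section is not None and args:
            entry = args[0]
            sections[section].setdefault(entry, {})
        elif kw == "set" and section is not None and entry is not None and args:
            sections[section][entry][args[0]] = args[1:]
        elif kw == "next":
            entry = None
        elif kw == "end":
            section = entry = None
    return sections


def audit(config: Dict[str, Section]) -> List[str]:
    """Return hardening findings; an empty list means every check passed."""
    findings: List[str] = []
    for name, iface in config.get("system interface", {}).items():
        exposed = MGMT_SERVICES & set(iface.get("allowaccess", []))
        if iface.get("role", [""])[0] == "wan" and exposed:
            findings.append(f"interface {name}: management services "
                            f"{sorted(exposed)} enabled on a WAN-role interface")
    for name, admin in config.get("system admin", {}).items():
        if not any(key.startswith("trusthost") for key in admin):
            findings.append(f"admin {name}: no trusthost restriction, "
                            "reachable from any source address")
        # Absent or "disable" both mean no second factor (assumed default).
        if admin.get("two-factor", ["disable"])[0] == "disable":
            findings.append(f"admin {name}: two-factor authentication not enabled")
        if name == "admin":
            findings.append(f"admin {name}: default account name still in use")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_fortios(SAMPLE_CONFIG)):
        print("FINDING:", finding)
```

Run against a real export, the audit is a starting point rather than a complete baseline: it reports on the sample that `port1` exposes HTTPS and SSH on the WAN side and that `admin` is unrestricted, unprotected by a second factor, and still carries the default name, while `netops` (restricted to one subnet and using a token) and the LAN-side `port2` produce no findings.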
Credential Hygiene
- Eliminate shared or reused passwords between network devices and domain accounts
- Use strong MFA across all access layers
- Rotate service and backup system credentials frequently
Post-Compromise Detection
- Monitor for irregular Active Directory DCSync events
- Detect unusual scheduled tasks or lateral traffic patterns
- Analyze network protocols (e.g., LLMNR/NBT-NS) for poisoning techniques
- Scrutinize abnormal remote management access
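The DCSync item in the list above is the most mechanical to detect: a DCSync request shows up on the domain controller as Security event 4662 with the control-access bit set in `AccessMask` and one or more directory-replication extended-right GUIDs in `Properties`. The following is an added example, not part of Amazon's write-up and not a vendor rule: a Python detection that walks parsed 4662 events, matches the replication-right GUIDs, and alerts on any principal that is not an expected replicator. The sample events and the allowlist (two domain controller accounts and a directory-sync service account) are constructed for the example; the third sample event uses a made-up non-replication GUID.

```python
import re
from typing import Dict, Iterable, List, Set

# Extended rights whose GUIDs appear in the Properties field of a 4662 event
# when a principal replicates directory data, which is what DCSync requests.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
CONTROL_ACCESS = 0x100  # ADS_RIGHT_DS_CONTROL_ACCESS bit in AccessMask

GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)

# Constructed allowlist: principals expected to replicate in this environment
# (domain controllers plus an approved directory-sync service account).
EXPECTED_REPLICATORS: Set[str] = {"CORP\\DC01$", "CORP\\DC02$", "CORP\\svc-dirsync"}

# Constructed sample events, shaped like the EventData fields of Security log
# entries after XML parsing. Not real telemetry.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 4662, "TimeCreated": "2026-02-03T09:12:44Z",
     "SubjectDomainName": "CORP", "SubjectUserName": "DC02$",
     "AccessMask": "0x100",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}\n"
                   "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "TimeCreated": "2026-02-03T09:13:02Z",
     "SubjectDomainName": "CORP", "SubjectUserName": "jsmith",
     "AccessMask": "0x100",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}\n"
                   "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    # Ordinary write-property access with a made-up, non-replication GUID.
    {"EventID": 4662, "TimeCreated": "2026-02-03T09:13:10Z",
     "SubjectDomainName": "CORP", "SubjectUserName": "jsmith",
     "AccessMask": "0x10",
     "Properties": "{aaaaaaaa-1111-2222-3333-444444444444}"},
    {"EventID": 4624, "TimeCreated": "2026-02-03T09:13:15Z",
     "SubjectDomainName": "CORP", "SubjectUserName": "jsmith"},
]


def detect_dcsync(events: Iterable[Dict[str, object]],
                  allowlist: Set[str] = EXPECTED_REPLICATORS) -> List[Dict[str, object]]:
    """Flag 4662 events where a principal outside the allowlist used replication rights."""
    alerts: List[Dict[str, object]] = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        try:
            mask = int(str(ev.get("AccessMask", "0")), 16)
        except ValueError:
            continue
        if not mask & CONTROL_ACCESS:
            continue
        guids = {g.lower() for g in GUID_RE.findall(str(ev.get("Properties", "")))}
        rights = sorted(REPLICATION_RIGHTS[g] for g in guids if g in REPLICATION_RIGHTS)
        if not rights:
            continue
        subject = f"{ev.get('SubjectDomainName', '')}\\{ev.get('SubjectUserName', '')}"
        if subject in allowlist:
            continue
        alerts.append({"time": ev.get("TimeCreated"), "subject": subject, "rights": rights})
    return alerts


if __name__ == "__main__":
    for alert in detect_dcsync(SAMPLE_EVENTS):
        print("ALERT possible DCSync:", alert)
```

On the sample the replication by `DC02$` is suppressed by the allowlist and the request by `jsmith` is raised with both Get-Changes rights named. Two caveats for production use: 4662 events are only generated when the domain controller audits directory service access, so that audit policy must be on, and the allowlist should be kept short and explicit, because a compromised domain controller computer account or sync account would otherwise replicate silently; a hit on an allowlisted principal coming from an unexpected host is still worth correlating with logon events.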
Infrastructure Hardening
- Isolate backup servers with strict segmentation and minimal network exposure
- Ensure immutable backups where feasible
- Apply comprehensive patching and configuration enforcement across devices
Conclusion
The FortiGate compromise campaign reveals an inflection point: AI is enabling high-throughput threat operations by automating routine tasks, not by inventing fundamentally new exploits. Security teams must therefore focus on reinforcing security fundamentals—network segmentation, credential hygiene, access controls, and telemetry—because these remain the most effective defenses against both AI-augmented and traditional attack vectors.
