Amazon Threat Intelligence said a Russian-speaking, financially motivated threat actor used commercial generative AI tools to compromise more than 600 FortiGate devices across 55 countries between January and February 2026. The actor exploited exposed management ports and weak single-factor credentials rather than software vulnerabilities, which allowed a low-skilled actor to operate at scale. The AI-assisted activity enabled automated scanning, credential abuse, tool development, and attack planning, leading to stolen device configurations, credential harvesting, Active Directory compromise, lateral movement, and attempts to access backup infrastructure consistent with ransomware preparation. Amazon noted the campaign was opportunistic and global, and stressed that strong security fundamentals such as removing management interfaces from the internet, enforcing MFA, rotating credentials, segmenting networks, and protecting backups remain the most effective defenses.

Relevant URL: https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html