
AI-Empowered Novice Hacker Breaches 600+ FortiGate Devices Worldwide


AI-Powered Hacker Breaches FortiGate Devices Worldwide

A new type of cybercriminal has emerged: the AI-augmented hacker. A Russian-speaking individual, despite limited technical knowledge, managed to compromise more than 600 FortiGate security devices across 55 countries in just over a month.

According to Amazon Threat Intelligence, the attacks took place between January 11 and February 18, 2026. The hacker wasn’t exceptionally skilled but leveraged commercial AI tools to automate the process, transforming basic hacking techniques into a high-speed, global operation.

High-Speed Scanning
Traditionally, breaking into a global network requires a team of skilled hackers. This attacker, however, used AI to generate Python and Go scripts that performed tedious tasks automatically. The AI systematically scanned the internet for open management ports, including 443, 8443, 10443, and 4443, looking for easy access points.

Rather than relying on sophisticated exploits, the hacker used AI to test common or stolen passwords against these ports. Once access was gained, AI tools were used to read device settings and map the internal network of the victim.

Targeting Backups and Passwords
After infiltrating the devices, the attacker aimed for total control. They deployed widely-known tools like Meterpreter and Mimikatz to steal passwords from Active Directory servers. Alarmingly, the hacker specifically targeted Veeam Backup & Replication servers, since compromising backups could prevent companies from recovering their data, increasing the likelihood of ransom payments.

Ironically, the attacker’s reliance on AI was also a weakness. While AI could generate code, it often failed with more complex tasks. Attempts to exploit more advanced vulnerabilities, such as CVE-2019-7192 and CVE-2023-27532, were unsuccessful because the attacker lacked the expertise to adapt the AI-generated scripts to updated systems. The campaign was most effective against less secure targets in South Asia, Southeast Asia, Latin America, West Africa, and Northern Europe.

Staying Safe in the AI Era
Amazon’s security chief, CJ Moses, emphasizes that although AI introduces new threats, traditional security measures remain essential. Organizations should:

  • Ensure device management ports are not exposed to the public internet
  • Implement Multi-Factor Authentication (MFA)
  • Avoid password reuse between security devices and main networks
  • Keep all software and security patches up to date

These basic steps prevented many of the attacker’s advanced attempts from succeeding.
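A defender's view of the password testing against management ports described above, as an added example that is not part of the original article: it reads admin login events, flags sources that produce a burst of failed logins, and escalates when a successful login from the same source follows the burst. The log lines are constructed, and the key=value layout (modelled on FortiOS admin event logs), the threshold and the time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events. The key=value layout is modelled on FortiOS admin
# event logs; field names and values here are assumptions, not report data.
SAMPLE_LOG = """\
date=2026-01-12 time=03:10:01 user="admin" ui="https(203.0.113.7)" action="login" status="failed"
date=2026-01-12 time=03:10:03 user="root" ui="https(203.0.113.7)" action="login" status="failed"
date=2026-01-12 time=03:10:05 user="fortinet" ui="https(203.0.113.7)" action="login" status="failed"
date=2026-01-12 time=03:10:09 user="admin" ui="https(203.0.113.7)" action="login" status="success"
date=2026-01-12 time=04:00:00 user="admin" ui="https(198.51.100.20)" action="login" status="failed"
date=2026-01-12 time=04:00:02 user="admin" ui="https(198.51.100.20)" action="login" status="failed"
date=2026-01-12 time=04:00:04 user="admin" ui="https(198.51.100.20)" action="login" status="failed"
date=2026-01-12 time=09:15:00 user="alice" ui="https(192.0.2.10)" action="login" status="failed"
date=2026-01-12 time=09:15:20 user="alice" ui="https(192.0.2.10)" action="login" status="success"
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Return (timestamp, source_ip, status) for admin login events, else None."""
    f = {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}
    src = re.search(r"\(([^)]+)\)", f.get("ui", ""))
    if f.get("action") != "login" or not src or "date" not in f or "time" not in f:
        return None
    ts = datetime.strptime(f"{f['date']} {f['time']}", "%Y-%m-%d %H:%M:%S")
    return ts, src.group(1), f.get("status")

def detect_guessing(log_text, threshold=3, window=timedelta(minutes=5)):
    """Flag failure bursts per source; escalate if a success follows the burst."""
    recent_failures = defaultdict(list)   # source IP -> failure times in window
    findings = {}                         # source IP -> verdict
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        ts, src, status = event
        recent = [t for t in recent_failures[src] if ts - t <= window]
        if status == "failed":
            recent.append(ts)
            if len(recent) >= threshold:
                findings.setdefault(src, "password_guessing")
        elif status == "success" and len(recent) >= threshold:
            findings[src] = "login_after_guessing"
        recent_failures[src] = recent
    return findings

if __name__ == "__main__":
    print(detect_guessing(SAMPLE_LOG))
```

A source flagged `login_after_guessing` is the case to treat as a likely compromised admin account; a single mistyped password followed by a success, as in the third sample source, is not flagged.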


1 Comment

  • This is a clear example of how AI is changing the cybersecurity landscape. Even low-skill attackers can scale their attacks using AI tools, making basic security practices like MFA, strong passwords, and updated patches more critical than ever. Organizations must stay vigilant.
