
AI-Empowered Novice Hacker Breaches 600+ FortiGate Devices Worldwide


AI-Powered Hacker Breaches FortiGate Devices Worldwide

A new type of cybercriminal has emerged: the AI-augmented hacker. A Russian-speaking individual, despite limited technical knowledge, managed to compromise more than 600 FortiGate security devices across 55 countries in just over a month.

According to Amazon Threat Intelligence, the attacks took place between January 11 and February 18, 2026. The hacker wasn’t exceptionally skilled but leveraged commercial AI tools to automate the process, transforming basic hacking techniques into a high-speed, global operation.

High-Speed Scanning
Traditionally, breaking into a global network requires a team of skilled hackers. This attacker, however, used AI to generate Python and Go scripts that performed tedious tasks automatically. The AI systematically scanned the internet for open management ports, including 443, 8443, 10443, and 4443, looking for easy access points.

Rather than relying on sophisticated exploits, the hacker used AI to test common or stolen passwords against these ports. Once access was gained, AI tools were used to read device settings and map the internal network of the victim.

Targeting Backups and Passwords
After infiltrating the devices, the attacker aimed for total control. They deployed widely known tools like Meterpreter and Mimikatz to steal passwords from Active Directory servers. Alarmingly, the hacker specifically targeted Veeam Backup & Replication servers, since compromising backups could prevent companies from recovering their data, increasing the likelihood of ransom payments.

Ironically, the attacker’s reliance on AI was also a weakness. While AI could generate code, it often failed with more complex tasks. Attempts to exploit vulnerabilities such as CVE-2019-7192 and CVE-2023-27532 were unsuccessful because the attacker lacked the expertise to adapt the AI-generated scripts to updated systems. The campaign was most effective against less secure targets in South Asia, Southeast Asia, Latin America, West Africa, and Northern Europe.

Staying Safe in the AI Era
Amazon’s security chief, CJ Moses, emphasizes that although AI introduces new threats, traditional security measures remain essential. Organizations should:

  • Ensure device management ports are not exposed to the public internet
  • Implement Multi-Factor Authentication (MFA)
  • Avoid password reuse between security devices and main networks
  • Keep all software and security patches up to date

These basic steps prevented many of the attacker’s advanced attempts from succeeding.
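
The password guessing against management ports described above leaves a recognizable trace in authentication logs: a burst of failed logins from one source, sometimes ending in a success. The following Python is an added example, not from the article or from Amazon's report, that flags that pattern; the key=value log layout, field names, thresholds and sample events are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

MGMT_PORTS = {443, 8443, 10443, 4443}   # management ports named in the article
KV = re.compile(r"(\w+)=(\S+)")

# Constructed sample events in an assumed, simplified key=value layout
# (not a vendor log schema). Addresses are documentation ranges.
SAMPLE_LOG = """\
ts=2026-01-12T03:10:01 srcip=198.51.100.7 dstport=8443 user=admin status=failed
ts=2026-01-12T03:10:03 srcip=198.51.100.7 dstport=8443 user=admin status=failed
ts=2026-01-12T03:10:05 srcip=198.51.100.7 dstport=8443 user=root status=failed
ts=2026-01-12T03:10:08 srcip=203.0.113.20 dstport=443 user=netops status=failed
ts=2026-01-12T03:10:09 srcip=198.51.100.7 dstport=8443 user=admin status=failed
ts=2026-01-12T03:10:12 srcip=198.51.100.7 dstport=8443 user=admin status=failed
ts=2026-01-12T03:10:20 srcip=203.0.113.20 dstport=443 user=netops status=success
ts=2026-01-12T03:10:31 srcip=198.51.100.7 dstport=8443 user=admin status=success
ts=2026-01-12T09:00:00 srcip=192.0.2.55 dstport=10443 user=admin status=failed
ts=2026-01-12T09:30:00 srcip=192.0.2.55 dstport=10443 user=admin status=failed
"""

def detect_guessing(log_text, max_failures=5, window_minutes=10):
    """Return {srcip: {"failures": n, "success_user": name or None}} for sources
    reaching max_failures failed management-port logins inside the window."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(list)          # srcip -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        ev = dict(KV.findall(line))
        if not {"ts", "srcip", "dstport", "status"} <= ev.keys():
            continue                    # skip blank or malformed lines
        if not ev["dstport"].isdigit() or int(ev["dstport"]) not in MGMT_PORTS:
            continue                    # only management-interface logins
        ts, src = datetime.fromisoformat(ev["ts"]), ev["srcip"]
        recent[src] = [t for t in recent[src] if ts - t <= window]
        if ev["status"] == "failed":
            recent[src].append(ts)
            if len(recent[src]) >= max_failures:
                alert = alerts.setdefault(src, {"failures": 0, "success_user": None})
                alert["failures"] = max(alert["failures"], len(recent[src]))
        elif ev["status"] == "success":
            # A success right after a failure burst is the high-priority case.
            if src in alerts and len(recent[src]) >= max_failures:
                alerts[src]["success_user"] = ev.get("user")
            recent[src] = []
    return alerts

if __name__ == "__main__":
    print(detect_guessing(SAMPLE_LOG))
```

A single mistyped password followed by a success (203.0.113.20 in the sample) stays below the threshold, while the burst that ends in an admin login is reported with the account that was accessed.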


1 Comment

  • This is a clear example of how AI is changing the cybersecurity landscape. Even low-skill attackers can scale their attacks using AI tools, making basic security practices like MFA, strong passwords, and updated patches more critical than ever. Organizations must stay vigilant.
