600+ FortiGate Devices Hacked by AI-Armed Amateur

Dark Reading
by Alexander Culafi
February 23, 2026
AI-Generated Deep Dive Summary
A financially motivated Russian-speaking hacker used generative AI (GenAI) to compromise over 600 FortiGate firewalls, highlighting how AI is lowering the technical barriers for cyberattacks. The attacker targeted exposed management ports with weak credentials and single-factor authentication, exploiting fundamental security gaps rather than relying on sophisticated vulnerabilities. This campaign underscores the growing trend of cybercriminals leveraging AI tools to scale their operations, bypassing the need for advanced technical skills.

The attack, detected between January and February, affected devices across more than 55 countries, including regions like South Asia, Latin America, and Northern Europe. The hacker used GenAI services throughout the process: conducting network reconnaissance, creating custom exploitation tools, and automating tasks to achieve large-scale breaches efficiently. Initial access was gained by scanning ports 443, 8443, 10443, and 4443 for commonly reused credentials on FortiGate management interfaces.

The attacker specifically targeted Veeam Backup & Replication servers, which store high-value credentials, to disrupt backup infrastructure and prepare for ransomware deployment. This strategy demonstrates how AI can enhance the efficiency of even less skilled actors by enabling large-scale campaigns that would previously require significant technical expertise and resources.

This incident is part of a broader trend where cybercriminals are increasingly adopting AI tools for reconnaissance, social engineering, and automation. While the attacker appeared technically unsophisticated, their use of GenAI allowed them to achieve operational scale comparable to more advanced groups. The findings emphasize the importance of securing management interfaces with multi-factor authentication and strong password policies to mitigate such risks.

For organizations, this serves as a critical reminder of the evolving threat landscape. As AI continues to empower even amateur attackers, businesses must prioritize robust cybersecurity measures to protect their networks and data from increasingly sophisticated threats posed by low-skilled actors.
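For defenders, the initial-access pattern described above (one source trying admin logins across many management interfaces on ports 443, 8443, 10443, and 4443) can be hunted for in authentication logs. The following is an added example, not code from the article or from Fortinet; the log layout, device names, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MGMT_PORTS = {443, 8443, 10443, 4443}  # ports named in the article

# Constructed sample events: time, source IP, device, destination port, result.
# The field layout is an assumption, not a FortiGate log format.
SAMPLE = """\
2026-01-20T03:00:01 203.0.113.7 fw-a 443 fail
2026-01-20T03:00:02 203.0.113.7 fw-b 8443 fail
2026-01-20T03:00:04 203.0.113.7 fw-c 10443 fail
2026-01-20T03:00:05 203.0.113.7 fw-d 4443 success
2026-01-20T03:00:09 198.51.100.20 fw-a 443 fail
2026-01-20T03:00:30 198.51.100.20 fw-a 443 success
2026-01-20T09:15:00 203.0.113.7 fw-a 22 fail
"""

def parse(text):
    for line in text.splitlines():
        ts, src, dev, port, result = line.split()
        yield datetime.fromisoformat(ts), src, dev, int(port), result

def find_sprays(text, min_devices=3, window=timedelta(minutes=10)):
    """Return {source: {"devices": [...], "compromised": [...]}} for sources that
    try admin logins on >= min_devices distinct devices inside one window."""
    by_src = defaultdict(list)
    for ts, src, dev, port, result in parse(text):
        if port in MGMT_PORTS:  # ignore traffic to non-management ports
            by_src[src].append((ts, dev, result))
    findings = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            devices = {d for _, d, _ in span}
            if len(devices) >= min_devices:
                hit = findings.setdefault(src, {"devices": set(), "compromised": set()})
                hit["devices"] |= devices
                # A success from a spraying source marks a device to triage first.
                hit["compromised"] |= {d for _, d, r in span if r == "success"}
    return {s: {k: sorted(v) for k, v in f.items()} for s, f in findings.items()}

if __name__ == "__main__":
    for src, f in find_sprays(SAMPLE).items():
        print(src, "tried", f["devices"], "logged in on", f["compromised"])
```

The second source in the sample is not flagged because it only touches one device; a single administrator mistyping a password should not look like a campaign.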
Originally published on Dark Reading on 2/23/2026