AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

Summary

A financially motivated, Russian-speaking threat actor leveraged commercial generative AI to compromise over 600 FortiGate devices across 55 countries between January and February 2026, according to Amazon Threat Intelligence. The actor did not exploit a FortiGate vulnerability but instead appears to have relied on compromised credentials or unpatched systems in some cases.

IFF Assessment

FOE

The compromise of hundreds of FortiGate devices indicates a successful attack campaign against a widely used security product.

Defender Context

This campaign highlights the growing trend of threat actors using AI to enhance their attack capabilities, including reconnaissance, credential stuffing, and potentially social engineering. Defenders need to monitor for unusual login attempts, prioritize patching, and implement strong multi-factor authentication to mitigate the risk of credential-based attacks.
