
AI Powered Mass Compromise of Internet Exposed FortiGate Management Interfaces

On 2026-02-22, Amazon Threat Intelligence released a detailed advisory titled “Advisory on AI-augmented mass compromise of internet-exposed FortiGate management interfaces (600+ devices reported).” The report documents a large-scale cyberattack that spanned 55 countries and impacted more than 600 FortiGate appliances between January 11 and February 18, 2026. The operation leveraged commercial generative AI services to lower the technical barrier for a financially motivated threat actor, allowing a small group to execute attacks at a scale that would previously have required a larger, more skilled team.

The attackers began by performing automated scans on the four common FortiGate management ports—443, 8443, 10443, and 4443. They identified devices that were reachable from the public internet and were protected by weak or reused single‑factor credentials. No zero‑day vulnerabilities or novel exploitation techniques were required; the attack relied solely on credential theft.

Once authenticated, the threat actors extracted configuration files from the devices. These files were high‑value because they contained SSL‑VPN user passwords, administrative credentials, full network topologies, IPsec VPN peer information, and firewall policies that exposed internal architecture. The actors parsed, decrypted, and organized the data using AI‑assisted Python scripts, enabling efficient large‑scale credential harvesting.

The campaign was opportunistic, targeting devices without sector bias. However, Amazon identified patterns where multiple devices from the same organization were compromised, including clusters that appeared to belong to managed service provider deployments. Concentrations of breaches were observed in South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia.

AI served as the backbone of the operation. The threat actor used at least two distinct commercial large language model (LLM) providers in every phase:

    • One LLM was used to develop and plan the attack, generating scripts and strategy.
    • The second LLM assisted in pivoting within compromised networks, providing step‑by‑step lateral movement guidance.

A documented example shows the actor submitting a full network topology—including IP addresses, hostnames, active credentials, and identified services—to an AI service, then requesting detailed guidance on lateral movement. Amazon analysts described the operation as an “AI‑powered assembly line for cybercrime.”

Post‑exploitation followed a structured methodology. The actor deployed Meterpreter with the Mimikatz module to perform DCSync attacks against domain controllers, extracting complete NTLM credential databases from multiple Active Directory environments. In at least one confirmed compromise, the Domain Administrator account used a plaintext password that was either reused from the FortiGate configuration or independently weak. Lateral movement was achieved through pass‑the‑hash, pass‑the‑ticket, and NTLM relay attacks. Veeam Backup & Replication servers were specifically targeted using PowerShell scripts and compiled decryption tools, allowing the actor to destroy recovery capabilities ahead of ransomware deployment.

Despite the scale, Amazon’s analysis revealed consistent skill limitations. The threat actor repeatedly failed against hardened environments and abandoned targets with effective defenses, indicating that their advantage lies in AI‑augmented efficiency and volume rather than deep technical expertise. The AI‑generated reconnaissance framework, written in Go and Python, exhibited hallmarks of unsophisticated development: redundant comments, naive JSON parsing, and empty documentation stubs.

Vulnerabilities leveraged by the attackers included:

  • CVE‑2019‑7192 (FortiOS 9.8) – Path traversal allowing unauthenticated credential access.
  • CVE‑2023‑27532 (Veeam Backup & Replication 7.5) – Unauthenticated API access for credential extraction.
  • CVE‑2024‑40711 (Veeam Backup & Replication 9.8) – Remote code execution via deserialization flaw.

Amazon responded by sharing indicators of compromise with industry partners to coordinate disruption across affected countries. Organizations running FortiGate appliances should immediately remove management interfaces from internet exposure, enforce multi‑factor authentication for all VPN and administrative access, rotate SSL‑VPN and administrative credentials, and audit Active Directory for DCSync activity (Event ID 4662).

Because the campaign relied on legitimate open-source tools (Impacket, gogo, and Nuclei) rather than custom malware, behavioral detection is recommended over traditional signature-based IOC approaches. In particular, it is strongly recommended to monitor for:

  • Anomalous VPN authentication patterns.
  • Unexpected Active Directory replication events.
  • Unauthorized PowerShell module loading on backup servers.
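The DCSync audit recommended above (Event ID 4662) and the "unexpected replication events" item can be checked with a small log filter. The following is an added example, not code from the Amazon advisory; the flattened `Key=Value;` record format, the account names and the allow-list are constructed for illustration, while the two replication-right GUIDs are the well-known Active Directory values.

```python
# Added example (not from the Amazon advisory): flag DCSync-style replication requests in
# Windows Security Event ID 4662 records. The log format is a constructed, flattened
# key=value export; adapt parse_4662() to your SIEM's format. Account names are hypothetical.
import re
from typing import Dict, List

# Control-access rights a DCSync request needs (well-known Active Directory GUIDs).
DS_REPLICATION_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
REPLICATION_RIGHTS = {DS_REPLICATION_GET_CHANGES, DS_REPLICATION_GET_CHANGES_ALL}
GUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")

# Expected replicators: DC computer accounts (names end in '$') plus an allow-list of
# known directory-sync service accounts (hypothetical name used here).
ALLOWED_SERVICE_ACCOUNTS = {"svc-adsync"}


def parse_4662(line: str) -> Dict[str, str]:
    """Split a 'Key=Value;Key=Value' record into a dict (constructed export format)."""
    return dict(part.split("=", 1) for part in line.split(";") if "=" in part)


def is_dcsync_candidate(event: Dict[str, str]) -> bool:
    """True when a non-DC, non-allow-listed principal requested replication rights."""
    if event.get("EventID") != "4662":
        return False
    requested = set(GUID_RE.findall(event.get("Properties", "").lower()))
    if not requested & REPLICATION_RIGHTS:
        return False  # 4662 for some other object access, not replication
    subject = event.get("SubjectUserName", "")
    if subject.endswith("$") or subject.lower() in ALLOWED_SERVICE_ACCOUNTS:
        return False  # expected DC-to-DC or sync-service replication
    return True


def find_dcsync(lines: List[str]) -> List[str]:
    """Return the subject accounts of suspicious replication requests, in log order."""
    events = [parse_4662(line) for line in lines]
    return [e.get("SubjectUserName", "?") for e in events if is_dcsync_candidate(e)]


# Constructed sample records: DC-to-DC replication, a sync service account, an unrelated
# 4662, and a Domain Administrator account requesting replication rights (DCSync).
SAMPLE_EVENTS = [
    "EventID=4662;SubjectUserName=DC02$;SubjectDomainName=CORP;ObjectType=domainDNS;"
    "Properties={1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}",
    "EventID=4662;SubjectUserName=svc-adsync;SubjectDomainName=CORP;ObjectType=domainDNS;"
    "Properties={1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}",
    "EventID=4662;SubjectUserName=jdoe;SubjectDomainName=CORP;ObjectType=user;"
    "Properties={bf967aba-0de6-11d0-a285-00aa003049e2}",
    "EventID=4662;SubjectUserName=Administrator;SubjectDomainName=CORP;ObjectType=domainDNS;"
    "Properties={1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}",
]

if __name__ == "__main__":
    print("suspicious replication requests by:", find_dcsync(SAMPLE_EVENTS))
```

Domain controllers replicate with each other under their computer accounts, which the `$` filter suppresses; correlate any remaining hit with the requester's logon session (Event ID 4624), since a legitimate replication request never originates from a workstation or VPN client.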

Indicators of compromise noted in the report include:

  • IP 212[.]11[.]64[.]250 – Threat actor infrastructure used for scanning and exploitation operations (Jan 11 – Feb 18, 2026).
  • IP 185[.]196[.]11[.]225 – Threat actor infrastructure used for threat operations (Jan 11 – Feb 18, 2026).

In conclusion, the Amazon advisory demonstrates how AI can transform offensive cyber operations, enabling low‑skill actors to conduct large‑scale attacks with minimal technical expertise. By following the mitigation steps outlined above and maintaining vigilance for the listed IOCs, organizations can better protect their FortiGate deployments and associated critical infrastructure from similar future threats.


Copyright © 2025 ESSGroup
