A fast-moving AI-Driven Attack has put FortiGate Devices in the spotlight after investigators linked a single campaign to more than 600 compromised appliances across 55 nations. Amazon Threat Intelligence tracked the activity from January 11 to February 18, showing how an operator with limited skills scaled impact by leaning on commercial generative AI for planning, tooling, and command generation. No new FortiGate Vulnerability chain was required. The campaign focused on exposed management interfaces, weak passwords, and single-factor logins, then turned stolen configurations into a map of each victim’s Network Security posture. This is the uncomfortable Cybersecurity lesson for teams who still treat perimeter management access as a convenience feature.
The pattern is consistent with profit-driven operations: harvest credentials, pivot into Windows domains, and go after backup infrastructure to gain leverage. One plausible path is ransomware staging, but the pattern is broader: use AI to industrialize the boring parts of intrusion, then move on when resistance appears. It is not a story about a mythical super-hacker. It is a story about how AI makes old mistakes easier to exploit at Global scale, one exposed port at a time.
AI-Driven Attack timeline and Global footprint across FortiGate Devices
Telemetry linked the campaign to systematic scanning and access attempts against internet-reachable FortiGate administration surfaces. The activity clustered around common HTTPS management ports, including 443, 8443, 10443, and 4443, followed by password guessing against weak and reused administrator credentials.
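The scan-then-guess sequence described above leaves a recognisable trail in FortiGate event logs: a burst of "Admin login failed" events from one source against an admin port, then an "Admin login successful" from the same source. The hunt below is an added example written for this article, not code from Amazon's report or from Fortinet. The log lines are constructed in the FortiGate key=value event-log style; the device names, the addresses and the trusted management network 10.20.0.0/24 are assumptions.

```python
"""Hunt FortiGate admin-login events for password guessing and for admin
logins from outside the management network (added example, constructed data)."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real telemetry). 203.0.113.5 guesses the "admin"
# password on port 10443 and then gets in; 198.51.100.77 sprays a few usernames
# below the threshold; 10.20.0.7 is a legitimate operator on the management LAN.
SAMPLE_LOGS = """\
date=2026-02-01 time=09:00:01 devname="FGT-BR1" logid="0100032002" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" srcip=203.0.113.5 dstport=10443 status="failed" reason="passwd_invalid"
date=2026-02-01 time=09:00:04 devname="FGT-BR1" logid="0100032002" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" srcip=203.0.113.5 dstport=10443 status="failed" reason="passwd_invalid"
date=2026-02-01 time=09:00:09 devname="FGT-BR1" logid="0100032002" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" srcip=203.0.113.5 dstport=10443 status="failed" reason="passwd_invalid"
date=2026-02-01 time=09:00:15 devname="FGT-BR1" logid="0100032002" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" srcip=203.0.113.5 dstport=10443 status="failed" reason="passwd_invalid"
date=2026-02-01 time=09:00:22 devname="FGT-BR1" logid="0100032002" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" srcip=203.0.113.5 dstport=10443 status="failed" reason="passwd_invalid"
date=2026-02-01 time=09:02:40 devname="FGT-BR1" logid="0100032001" logdesc="Admin login successful" user="admin" ui="https(203.0.113.5)" srcip=203.0.113.5 dstport=10443 status="success"
date=2026-02-01 time=09:05:00 devname="FGT-BR1" logid="0100032001" logdesc="Admin login successful" user="netops" ui="https(10.20.0.7)" srcip=10.20.0.7 dstport=443 status="success"
date=2026-02-01 time=09:07:10 devname="FGT-BR2" logid="0100032002" logdesc="Admin login failed" user="fortinet" ui="https(198.51.100.77)" srcip=198.51.100.77 dstport=8443 status="failed" reason="name_invalid"
date=2026-02-01 time=09:07:31 devname="FGT-BR2" logid="0100032002" logdesc="Admin login failed" user="support" ui="https(198.51.100.77)" srcip=198.51.100.77 dstport=8443 status="failed" reason="name_invalid"
date=2026-02-01 time=09:07:55 devname="FGT-BR2" logid="0100032002" logdesc="Admin login failed" user="admin" ui="https(198.51.100.77)" srcip=198.51.100.77 dstport=8443 status="failed" reason="passwd_invalid"
date=2026-02-01 time=09:40:00 devname="FGT-BR1" logid="0100032002" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" srcip=203.0.113.5 dstport=10443 status="failed" reason="passwd_invalid"
"""

MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]   # assumed trusted admin network
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')      # key="quoted value" or key=bare

def parse_line(line):
    """Split one key=value event line into a dict (quoted or bare values)."""
    return {k: q or b for k, q, b in KV_RE.findall(line)}

def parse_logs(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        ev["ts"] = datetime.strptime(ev["date"] + " " + ev["time"], "%Y-%m-%d %H:%M:%S")
        events.append(ev)
    return events

def in_mgmt_net(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_NETS)

def hunt(events, window=timedelta(minutes=10), threshold=5):
    """Return findings. Rules:
    - `threshold` failed admin logins from one source inside `window`
      (one username -> brute_force, several usernames -> password_spray)
    - a successful admin login from a source that is at/over the threshold
    - any successful admin login from outside MGMT_NETS
    """
    recent = defaultdict(list)   # srcip -> [(ts, user)] failures still inside the window
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        desc = ev.get("logdesc")
        if desc not in ("Admin login failed", "Admin login successful"):
            continue
        src, ts = ev["srcip"], ev["ts"]
        recent[src] = [(t, u) for t, u in recent[src] if ts - t <= window]   # slide window
        if desc == "Admin login failed":
            recent[src].append((ts, ev["user"]))
            if len(recent[src]) == threshold:          # fire once per burst
                users = sorted({u for _, u in recent[src]})
                kind = "password_spray" if len(users) > 1 else "brute_force"
                findings.append({"kind": kind, "srcip": src, "device": ev["devname"],
                                 "port": ev.get("dstport"), "users": users})
        else:
            if len(recent[src]) >= threshold:
                findings.append({"kind": "success_after_guessing", "srcip": src,
                                 "device": ev["devname"], "user": ev["user"]})
            if not in_mgmt_net(src):
                findings.append({"kind": "admin_login_outside_mgmt_net", "srcip": src,
                                 "device": ev["devname"], "user": ev["user"]})
    return findings

if __name__ == "__main__":
    for f in hunt(parse_logs(SAMPLE_LOGS)):
        print(f)
```

On the constructed data the hunt raises three findings, all for 203.0.113.5: a brute-force burst against `admin` on port 10443, a success immediately after it, and an admin login from outside the management network. The three-attempt spray from 198.51.100.77 stays below the threshold, and the lone failure at 09:40 falls outside the window, which is the kind of noise a production version would still want to count against a longer baseline. The last rule is worth keeping even when no guessing precedes it: a successful admin login from anywhere but the management network means the management plane is reachable from where it should not be.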
Amazon attributed the scanning to infrastructure observed at 212.11.64.250, with follow-on access leading to organization-level compromise in some cases. Multiple FortiGate Devices within the same entity were reached, suggesting shared credential habits or uniform exposure patterns across sites.
Compromised clusters were identified across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. The spread matters because it hints at automation over targeting, a hallmark of a financially motivated Threat operator optimizing for volume.
AI-Driven Attack mechanics: why no FortiGate Vulnerability was needed
The most damaging aspect is how ordinary the entry path looks. Instead of exploiting a FortiGate Vulnerability, the operator relied on exposed management ports and single-factor authentication, then let AI accelerate repeatable steps across many victims.
This is where AI changes the economics: it turns tedious tasks into an assembly line. When the attacker meets hardened controls, the playbook shows a willingness to abandon the target and move to a softer network, trading persistence for speed.
A practical way to frame it is simple. If an environment blocks automated paths, the operator’s throughput drops. If it does not, AI helps keep throughput high, which raises the odds of successful Malware delivery later in the chain.
AI-Driven toolchain behavior observed during the Attack
Amazon described multiple commercial generative AI services supporting different phases. One model acted as the primary backbone, while a secondary model helped with pivoting tasks when the operator needed alternative approaches inside a compromised network.
Publicly accessible attacker-controlled infrastructure hosted artifacts tied to the campaign. The collection included AI-generated attack plans, victim configuration data, and source code for custom tooling, reinforcing the idea of a repeatable pipeline rather than bespoke intrusion work.
AI-Driven post-exploitation on FortiGate Devices: from configs to credential theft
Once a FortiGate device was accessed, the attacker extracted full configurations. Those configs often expose network topology, VPN parameters, and stored secrets, which converts a perimeter foothold into a roadmap for lateral movement.
From there, the operator pivoted to internal reconnaissance and credential operations. Amazon noted use of Nuclei for vulnerability scanning and actions consistent with Windows domain compromise, including credential harvesting and Active Directory targeting.
To ground this in a realistic scenario, consider a mid-size logistics company with several branch firewalls configured the same way. One exposed management interface plus reused admin credentials can hand over multiple sites, which turns a local misconfiguration into a Global incident in hours.
AI-Driven reconnaissance tooling and code quality signals
Following VPN access, the actor deployed a custom reconnaissance utility, with variants written in Go and Python. Code analysis pointed to AI-assisted development patterns such as redundant comments, simplistic structure, and fragile parsing logic.
Those signals are operationally useful for defenders. They suggest the tool author optimized for quick iteration and readability over resilience, which often leaves consistent file paths, predictable output, and repetitive command patterns that detection teams can hunt.
AI-Driven Attack paths mapped to ransomware prep and Malware risk
Amazon’s investigation connected the activity to deeper enterprise compromise. Observed outcomes included extraction of the Active Directory database (NTDS.dit, which holds the password hashes of every domain account) and attempts to access or weaken backup infrastructure, a common prelude to ransomware execution.
Documented operator notes also recorded repeated failures where straightforward automation ran out of road, with targets blocking progress by patching services or closing ports. This reinforces a key point: strong fundamentals still break the chain, even against AI-assisted workflows.
Backup targeting stood out, with a focus on Veeam Backup & Replication and known issues such as CVE-2023-27532 (an unauthenticated credential-disclosure flaw in the backup service) and CVE-2024-40711 (an unauthenticated deserialization bug that allows remote code execution). Both are fixed in current releases, so a reachable, unpatched Veeam server is a direct route to the backups. The immediate takeaway is clear: Malware impact often depends less on the first foothold and more on whether backups are reachable and recoverable.
AI-Driven Threat updates: DeepSeek, Claude, and an MCP bridge server
A separate disclosure by Cyber and Ramen tied the same campaign to DeepSeek and Anthropic Claude, used for attack planning and coding assistance. It also described a Model Context Protocol (MCP) server acting as a bridge between the operator’s tooling and the language models, maintaining a growing knowledge base per target.
The server at 212.11.64.250 was reported to host more than 1,400 files across 139 subdirectories, including FortiGate configuration files, Nuclei templates, credential extraction utilities, BloodHound collection output, and exploit code. A custom MCP component named ARXON was described as processing scan results and triggering model-driven planning steps, while a Go-based orchestrator named CHECKER2 handled parallel VPN scanning and target processing.
The practical significance is not the brand names of the models. It is the workflow: one operator managing multiple intrusions while an AI layer keeps notes, proposes next steps, and standardizes execution across victims.
AI-Driven defense priorities for FortiGate Devices and Network Security
Defenders do not need exotic countermeasures to blunt this Threat. They need disciplined perimeter hygiene, tight identity controls, and verification that backup systems remain isolated and recoverable when the worst happens.
Key actions to reduce exposure from this style of AI-Driven Attack:
- Remove FortiGate management interfaces from direct internet exposure and restrict admin access to VPN or dedicated management networks.
- Enforce multi-factor authentication for administrative and VPN access, and disable single-factor logins wherever they exist.
- Replace default and commonly reused credentials, rotate SSL-VPN user passwords, and audit for new or unexpected admin accounts.
- Monitor for scanning against ports 443, 8443, 10443, and 4443, and investigate unusual authentication patterns tied to perimeter devices.
- Segment the network so firewall access does not imply domain reachability, and add detections for post-exploitation indicators.
- Harden Active Directory against DCSync abuse and reduce lateral movement paths such as pass-the-hash and NTLM relay conditions.
- Isolate backup servers from general network access, patch Veeam promptly, and test restores under incident conditions.
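Most of the items on this list, and the "stolen config as a roadmap" point made earlier, can be checked against a FortiGate configuration backup before an attacker reads it for you. The audit below is an added example written for this article, not Fortinet's or Amazon's code. The configuration excerpt is constructed in FortiOS CLI syntax, the parser handles only the `config`/`edit`/`set`/`next`/`end` structure these checks need, and the management network 10.20.0.0/24 used in the suggested remediation is an assumption.

```python
"""Audit a FortiOS config for the weaknesses this campaign exploited: management
services on WAN interfaces, admins without trusted hosts, admins without 2FA
(added example; SAMPLE_CONFIG is constructed, not from a real device)."""
import shlex

SAMPLE_CONFIG = """\
config system global
    set admin-sport 10443
end
config system interface
    edit "wan1"
        set ip 198.51.100.1 255.255.255.0
        set allowaccess ping https ssh
        set role wan
    next
    edit "internal"
        set allowaccess ping https ssh fgfm
        set role lan
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "netops"
        set trusthost1 10.20.0.0 255.255.255.0
        set two-factor fortitoken
        set accprofile "super_admin"
    next
end
"""

MGMT_SERVICES = {"http", "https", "ssh", "telnet", "snmp"}
ASSUMED_MGMT_NET = "10.20.0.0 255.255.255.0"   # assumption used in the remediation output

def parse_fortios(text):
    """Parse CLI config into {section: {entry: {key: [values]}}}.
    Settings directly under 'config ...' (no 'edit') are stored under entry "".
    Nested config blocks are keyed by their innermost section name."""
    tree = {}
    stack = []                                   # [section, entry] frames, innermost last
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        cmd, args = tok[0], tok[1:]
        if cmd == "config":
            stack.append([" ".join(args), ""])
        elif cmd == "edit":
            stack[-1][1] = args[0]
        elif cmd == "set":
            section, entry = stack[-1]
            tree.setdefault(section, {}).setdefault(entry, {})[args[0]] = args[1:]
        elif cmd == "next":
            stack[-1][1] = ""
        elif cmd == "end":
            stack.pop()
    return tree

def audit(tree):
    """Return (rule, object, detail) tuples for each weakness found."""
    findings = []
    https_port = tree.get("system global", {}).get("", {}).get("admin-sport", ["443"])[0]
    for name, iface in tree.get("system interface", {}).items():
        exposed = MGMT_SERVICES & set(iface.get("allowaccess", []))
        if iface.get("role", [""])[0] == "wan" and exposed:
            findings.append(("wan_mgmt_exposed", name,
                             f"{' '.join(sorted(exposed))} reachable on WAN (HTTPS admin port {https_port})"))
    for name, adm in tree.get("system admin", {}).items():
        if not any(k.startswith("trusthost") for k in adm):
            findings.append(("admin_no_trusthost", name, "login allowed from any source address"))
        if adm.get("two-factor", ["disable"])[0] == "disable":   # absent from config means disabled
            findings.append(("admin_no_2fa", name, "single-factor admin login"))
    return findings

def remediation(findings):
    """Group suggested 'set' lines per object and render them as FortiOS CLI blocks."""
    fixes = {}
    for rule, obj, _ in findings:
        if rule == "wan_mgmt_exposed":
            fixes.setdefault(("system interface", obj), []).append("set allowaccess ping")
        elif rule == "admin_no_trusthost":
            fixes.setdefault(("system admin", obj), []).append(f"set trusthost1 {ASSUMED_MGMT_NET}")
        elif rule == "admin_no_2fa":   # also needs a token assigned: set fortitoken <serial>
            fixes.setdefault(("system admin", obj), []).append("set two-factor fortitoken")
    out = []
    for (section, obj), sets in fixes.items():
        out += [f"config {section}", f'    edit "{obj}"'] + [f"        {s}" for s in sets] + ["    next", "end"]
    return "\n".join(out)

if __name__ == "__main__":
    found = audit(parse_fortios(SAMPLE_CONFIG))
    for f in found:
        print(*f)
    print(remediation(found))
```

Against the constructed config the audit reports HTTPS and SSH allowed on `wan1`, and an `admin` account with neither a trusted host nor two-factor authentication; `netops` passes both checks. Note that the non-default `admin-sport 10443` is reported alongside the WAN finding rather than treated as a mitigation, because 10443 was one of the ports the campaign scanned. Run it over every branch device's backup: one weak template copied to several sites is exactly the pattern that turned single logins into organization-level compromise.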
AI did not invent these weaknesses. It scales the consequences when basics are skipped, which is why perimeter discipline remains the fastest path to stronger Cybersecurity outcomes.
Our opinion
This campaign is a clean demonstration of where the AI-Driven shift is heading: more volume, faster iteration, and fewer excuses for sloppy access controls. The attacker did not need a novel FortiGate Vulnerability, only exposed services and predictable credentials, then used AI to keep the operation organized across a Global target set.
The most important lesson for Network Security teams is uncomfortable but actionable. If management planes remain reachable from the internet and identity controls stay weak, AI will keep turning those gaps into repeatable Attacks. Share this analysis with the person who owns perimeter configuration and the person who owns identity, because the fix spans both.