Russian-speaking hacker AI-assisted FortiGate breach campaign
Campaign
Summary
A Russian-speaking threat actor ran an AI-assisted FortiGate breach campaign from January 11 to February 18, 2026, compromising over 600 FortiGate devices across more than 55 countries. The operation focused on internet-exposed management interfaces and reused credentials without MFA rather than on exploiting known FortiGate vulnerabilities. Once inside, the actor used GenAI tools to automate reconnaissance and build scripts for configuration parsing, credential handling, and target prioritization. The same campaign also targeted Veeam Backup & Replication infrastructure and referenced attempts against CVE-2019-7192, CVE-2023-27532, and CVE-2024-40711.
Related Happenings
Fortinet security patch release for CVE-2026-44277
Security Patch Release
First: 12.05.2026 21:23
Last: 12.05.2026 21:23
Sources 1
About this happening:
Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...
OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation
Security Tool/Service
First: 12.05.2026 09:55
Last: 12.05.2026 09:55
Sources 1
About this happening:
OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...
China-nexus agentic tools attack campaign targeting Japanese technology and East Asian cybersecurity organizations
Campaign
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
A **China-nexus actor** used **agentic tools** in a targeted attack against a **Japanese technology firm** and an **East Asian cybersecurity platform**, showing how AI-driven orch...
PhantomCore TrueConf server targeting campaign in Russia
Campaign
First: 27.04.2026 14:54
Last: 27.04.2026 14:54
Sources 1
About this happening:
**PhantomCore** is running an **active campaign** against **TrueConf servers in Russia**, and successful intrusions can give attackers a foothold for deeper network access. The gr...
Sharp rise in brute-force attempts against SonicWall and Fortinet edge devices
Target Trend
First: 15.04.2026 12:30
Last: 15.04.2026 12:30
Sources 1
About this happening:
A **sharp rise** in brute-force attempts against **SonicWall** and **Fortinet** edge devices is increasing risk of perimeter-device compromise across organizations that rely on VP...
Timeline
- 21.02.2026 15:50 · 3 articles
Amazon warns of AI-assisted FortiGate breach campaign
Initial Disclosure
Amazon warned that a Russian-speaking hacker used multiple generative AI services in a five-week campaign against FortiGate firewalls across 55 countries, targeting internet-exposed management interfaces on ports 443, 8443, 10443, and 4443, abusing weak credentials without MFA, and then using AI-assisted Go and Python tooling to automate reconnaissance and extend access inside breached networks. The same activity also targeted Veeam Backup & Replication servers and referenced attempts to exploit CVE-2019-7192, CVE-2023-27532, and CVE-2024-40711.
Sources:
- Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks — www.bleepingcomputer.com — 21.02.2026 15:50
- AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries — thehackernews.com — 21.02.2026 16:49
- Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls — www.infosecurity-magazine.com — 23.02.2026 14:30