Fortinet FortiGate CyberStrikeAI-assisted hacking campaign
Campaign
Summary
An AI-assisted campaign targeting Fortinet FortiGate firewalls has been tied to CyberStrikeAI infrastructure, suggesting automated tooling is helping scale attacks against exposed edge devices. The campaign had already breached more than 500 devices in five weeks, making the operation a high-volume intrusion effort. Researchers also linked 212.11.64[.]250 to the activity after seeing a CyberStrikeAI service banner on port 8080 and network traffic between that host and targeted Fortinet devices. The infrastructure footprint expanded to 21 unique IP addresses across China, Singapore, Hong Kong, the United States, Japan, and Europe between January 20 and February 26, 2026.
Related Happenings
Fortinet security patch release for CVE-2026-44277
Security Patch Release
First: 12.05.2026 21:23
Last: 12.05.2026 21:23
Sources 1
About this happening:
Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Target Trend
First: 05.05.2026 13:30
Last: 05.05.2026 13:30
Sources 1
About this happening:
A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Sharp rise in brute-force attempts against SonicWall and Fortinet edge devices
Target Trend
First: 15.04.2026 12:30
Last: 15.04.2026 12:30
Sources 1
About this happening:
A **sharp rise** in brute-force attempts against **SonicWall** and **Fortinet** edge devices is increasing risk of perimeter-device compromise across organizations that rely on VP...
FortiGate NGFW abuse campaign targeting healthcare, government, and managed service providers
Campaign
First: 10.03.2026 18:21
Last: 10.03.2026 18:21
Sources 1
About this happening:
A **new FortiGate abuse campaign** is using **FortiGate NGFW appliances** as entry points to breach victim networks, creating immediate risk for **healthcare**, **government**, an...
Rising zero-day exploitation across end-user and enterprise products in 2025
Target Trend
First: 05.03.2026 17:03
Last: 05.03.2026 17:03
Sources 1
About this happening:
**Zero-day exploitation** stayed elevated in **2025**, with **90 actively exploited flaws** spread across **end-user platforms** and **enterprise products**. That matters because...
Timeline
03.03.2026 02:06 2 articles · 2mo ago
CyberStrikeAI activity on 212.11.64[.]250
Detection IoC Update
Team Cymru's NetFlow analysis linked 212.11.64[.]250 to the Fortinet FortiGate-targeting campaign after identifying a CyberStrikeAI service banner on port 8080 and traffic between that host and FortiGate devices targeted by the same threat actor.
Sources:
- CyberStrikeAI tool adopted by hackers for AI-powered attacks — www.bleepingcomputer.com — 03.03.2026 02:06
- Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries — thehackernews.com — 03.03.2026 16:29
03.03.2026 02:06 1 articles · 2mo ago
Team Cymru publicly links CyberStrikeAI to the FortiGate campaign
Initial Disclosure
Team Cymru disclosed that the same threat actor behind the Fortinet FortiGate campaign was observed using CyberStrikeAI infrastructure, including 212.11.64[.]250, and warned that AI-native orchestration engines could accelerate automated targeting of exposed edge devices.
Sources:
- CyberStrikeAI tool adopted by hackers for AI-powered attacks — www.bleepingcomputer.com — 03.03.2026 02:06