Russian-speaking threat actor campaign expands across multiple victims
Campaign
Summary
Hide ▲
Show ▼
A Russian-speaking threat actor ran an AI-augmented campaign against FortiGate security appliances, using multiple commercial AI services to scale compromise attempts across a wide global target set. The operation mattered because it reached more than 600 appliances in at least 55 countries over five weeks, showing how commercial AI can amplify offensive tradecraft.
Related Happenings
Russian-speaking FortiGate and Microsoft SQL Server bruteforce campaign
Campaign
H score82
First: 17.06.2026 18:12
Last: 17.06.2026 18:12
Sources 1
About this happening:
A Russian-speaking multi-operator threat group ran a **FortiGate** and **Microsoft SQL Server** bruteforce campaign that generated **billions of credential attempts**, raising the...
Russian-speaking FortiGate and Microsoft SQL Server bruteforce campaign
CampaignAbout this happening: A Russian-speaking multi-operator threat group ran a **FortiGate** and **Microsoft SQL Server** bruteforce campaign that generated **billions of credential attempts**, raising the...
Sentry agentjacking analysis shows malicious error events can trigger AI coding agents
Technical Analysis
H score38
First: 11.06.2026 12:15
Last: 11.06.2026 12:15
Sources 1
About this happening:
Researchers described **Agentjacking** as a new attack against **AI coding agents** that abuses **Sentry DSNs** and **MCP** to inject fake error data, causing agents like **Claude...
Sentry agentjacking analysis shows malicious error events can trigger AI coding agents
Technical AnalysisAbout this happening: Researchers described **Agentjacking** as a new attack against **AI coding agents** that abuses **Sentry DSNs** and **MCP** to inject fake error data, causing agents like **Claude...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
Campaign
H score41
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
CampaignAbout this happening: The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
H score30
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
CampaignAbout this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
China-nexus agentic tools attack campaign targeting Japanese technology and East Asian cybersecurity organizations
Campaign
H score31
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
A **China-nexus actor** used **agentic tools** in a targeted attack against a **Japanese technology firm** and an **East Asian cybersecurity platform**, showing how AI-driven orch...
China-nexus agentic tools attack campaign targeting Japanese technology and East Asian cybersecurity organizations
CampaignAbout this happening: A **China-nexus actor** used **agentic tools** in a targeted attack against a **Japanese technology firm** and an **East Asian cybersecurity platform**, showing how AI-driven orch...
Timeline
-
09.03.2026 01:35 2 articles · 4mo ago
Russian-speaking threat actor campaign expands across multiple victims
Initial DisclosureIn **February**, the actor began using **commercial AI services** to plan and carry out compromise attempts against **FortiGate security appliances**. The first phase concentrated on finding **exposed management ports** and **weak credentials**, setting up a campaign that would spread across **55 countries**.
Show sources
- How AI Assistants are Moving the Security Goalposts — krebsonsecurity.com — 09.03.2026 01:35
- How AI Assistants are Moving the Security Goalposts — krebsonsecurity.com — 09.03.2026 01:35