Hacker Deploys LLM-Powered AI To Attack FortiGate Devices Across 55 Countries
- Mar 3
Key Findings:
A Russian-speaking threat actor compromised over 600 FortiGate firewalls across 55 countries in just 5 weeks
The attacker systematically used generative AI and large language models (LLMs) to write tools and plan follow-on actions inside victim networks
The campaign did not rely on zero-day vulnerabilities, instead targeting publicly accessible admin panels and VPN portals protected by weak credentials
Stolen FortiGate configurations provided detailed information on victim environments, which was further processed using AI-generated scripts
Lateral movement involved deploying custom reconnaissance tools, running DCSync attacks against domain controllers and targeting backup servers
Infrastructure analysis revealed a custom MCP server called ARXON that acted as a bridge between exfiltrated data and commercial AI services for further processing
Background
Amazon security specialists have disclosed details on a large-scale, targeted campaign against FortiGate firewalls conducted by a Russian-speaking threat actor. The operation stands out for its extensive use of generative AI and large language models (LLMs) not only to write tools, but also to plan and execute follow-on actions inside victim networks.
Scope and Timeline of the FortiGate Firewall Attacks
According to Amazon, the malicious campaign ran from 11 January to 18 February 2026, with victims located across South Asia, Latin America, Africa, Europe and other regions. The attacker specifically targeted organizations exposing FortiGate management and VPN interfaces directly to the internet, compromising over 600 devices in 55 countries.
Attack Chain: Exposed Interfaces, Brute Force and Configuration Theft
The threat actor conducted widespread internet scanning to identify accessible FortiGate VPN and administration interfaces, then launched brute-force password attacks until administrator accounts were compromised. After gaining access, the intruder systematically exfiltrated the FortiGate configurations, including sensitive information like SSL-VPN credentials, firewall policies and network topology data.
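The brute-force-then-login pattern described above is detectable from the firewall's own event logs. The following is an added example, not code from the article or from Amazon's report: it parses FortiGate-style key=value log lines and alerts when a burst of failed admin logins from one source is followed by a successful login. The sample log lines are constructed, and the field names (logdesc, user, ui, status) approximate FortiGate event-log keys and are an assumption.

```python
"""Flag a burst of failed FortiGate admin logins from one source that is followed by a
successful login for the same account. Log lines are constructed for this example;
field names (logdesc, user, ui, status) approximate FortiGate keys and are assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: five failures from 203.0.113.5, then a success for "admin";
# one failure then success from 198.51.100.7 (a legitimate typo, no alert).
SAMPLE_LOGS = """\
date=2026-01-12 time=03:14:55 type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" status="failed"
date=2026-01-12 time=03:14:56 type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" status="failed"
date=2026-01-12 time=03:14:57 type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" status="failed"
date=2026-01-12 time=03:15:01 type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" status="failed"
date=2026-01-12 time=03:15:03 type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(203.0.113.5)" status="failed"
date=2026-01-12 time=03:15:09 type="event" subtype="system" logdesc="Admin login successful" user="admin" ui="https(203.0.113.5)" status="success"
date=2026-01-12 time=08:02:10 type="event" subtype="system" logdesc="Admin login failed" user="ops" ui="https(198.51.100.7)" status="failed"
date=2026-01-12 time=08:02:20 type="event" subtype="system" logdesc="Admin login successful" user="ops" ui="https(198.51.100.7)" status="success"
"""

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted" or key=bare
UI_IP_RE = re.compile(r'\(([^)]+)\)')              # ui="https(203.0.113.5)" -> IP

def parse_line(line):
    """Split a key=value log line into a dict, stripping quotes."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}

def source_ip(fields):
    m = UI_IP_RE.search(fields.get("ui", ""))
    return m.group(1) if m else fields.get("srcip", "unknown")

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return (src_ip, user) for each success preceded by >= threshold failures
    from the same source within `window`; older failures age out of the window."""
    failures = defaultdict(list)   # src_ip -> timestamps of recent failed logins
    alerts = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if "login" not in f.get("logdesc", "").lower():
            continue   # not an authentication event
        ts = datetime.strptime(f"{f['date']} {f['time']}", "%Y-%m-%d %H:%M:%S")
        src = source_ip(f)
        failures[src] = [t for t in failures[src] if ts - t <= window]
        if f.get("status") == "failed":
            failures[src].append(ts)
        elif f.get("status") == "success" and len(failures[src]) >= threshold:
            alerts.append((src, f.get("user", "?")))
            failures[src].clear()   # one alert per burst
    return alerts
```

Running `detect_bruteforce(SAMPLE_LOGS)` returns `[('203.0.113.5', 'admin')]`; a single mistyped password from the second source does not trigger an alert.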
How Generative AI Powered the FortiGate Intrusion Toolkit
Amazon's analysis found clear indications that the attacker's tools were generated or heavily assisted by AI, exhibiting characteristics like excessive comments, redundant function names and naive JSON handling. Despite their mediocre quality, these AI-powered scripts were effective in automating configuration analysis, target selection and data preparation for follow-on attacks.
Lateral Movement: From VPN Access to Domain Controllers and Backups
With VPN access in hand, the attacker deployed custom reconnaissance tools written in Go and Python to perform DCSync attacks against Windows domain controllers and to go after Veeam Backup & Replication servers, which are a common target in modern ransomware campaigns.
Attacker Infrastructure: ARXON MCP Server, CHECKER2 Scanner and LLM Orchestration
An independent researcher located a misconfigured server operated by the attacker, which contained 1,402 files including stolen FortiGate configurations, credential dumps and detailed attack plans. On this server, investigators found a custom MCP server called ARXON that acted as a bridge between exfiltrated data and commercial AI services for further processing.
Sources
https://thehackernews.com/2026/03/open-source-cyberstrikeai-deployed-in.html
https://cybersecurefox.com/en/llm-powered-attack-fortigate-firewalls
https://cybersecurefox.com?p=36802
https://www.cybersecurityintelligence.com/blog/hacker-deploys-ai-to-attack-fortigate-devices-across-55-countries-extract-9160.html