When AI Gives Script Kiddies Superpowers: The 600-Device Fortinet Breach

February 24, 2026

A financially motivated hacker just compromised over 600 Fortinet FortiGate firewalls across 55 countries in five weeks. The twist? They weren't particularly skilled. They just had access to ChatGPT's cousins.

Amazon's threat intelligence team documented this campaign between January 11 and February 18, 2026, and their assessment is blunt: this was an "unsophisticated actor" who used commercial AI tools to bridge their skill gap. We're watching the barrier to entry for cybercrime collapse in real time.

The Attack in Numbers

  • 600+ FortiGate devices compromised
  • 55 countries affected (South Asia, Latin America, Caribbean, West Africa, Northern Europe, Southeast Asia)
  • 5 weeks from start to finish
  • No zero-days or custom malware - just exposed management ports, weak credentials, and known, already-patched flaws
  • 2 AI tools powered the entire operation (DeepSeek and Anthropic Claude, according to later analysis)

What used to require a skilled team with deep technical knowledge now fits in one person's workflow, augmented by AI that writes code, generates attack plans, and automates reconnaissance.

How It Worked

The attacker's playbook was straightforward:

  1. Scan the internet for exposed FortiGate management interfaces (ports 443, 8443, 10443, 4443)
  2. Try default and common credentials at scale - no fancy exploits, just automated credential guessing
  3. Abuse the FortiCloud SSO authentication bypass flaws (detailed below) to create rogue admin accounts
  4. Download full firewall configs within seconds (automated, not manual)
  5. Extract credentials and network topology from stolen configs
  6. Move deeper into victim networks using the VPN access those recovered credentials unlock

The scanning activity originated from IP address 212.11.64.250, which researchers later found hosting over 1,400 files across 139 subdirectories. The attacker's entire operation was sitting there: AI-generated attack plans, victim configurations, custom tools, and a growing knowledge base that got smarter with each target.

The AI Assembly Line

Amazon described the operation as an "AI-powered assembly line for cybercrime." Here's what that looked like:

DeepSeek generated attack plans from reconnaissance data. Feed it scan results, get back a step-by-step plan for compromising that specific network.

Claude (Anthropic's model) produced vulnerability assessments during intrusions and was configured to execute offensive tools on victim systems. Not just planning - active participation.

A custom Model Context Protocol (MCP) server called ARXON acted as the bridge, maintaining a knowledge base that grew with each target. Every compromise made the system smarter for the next one.

The code itself screamed "AI-generated" - redundant comments that just restated function names, simplistic architecture with way too much investment in formatting, naive JSON parsing via string matching instead of proper deserialization. This wasn't written by a developer. It was written by someone asking AI, "write me a tool that does X."

What They Did After Getting In

Once inside, the attacker followed a classic ransomware playbook:

  • DCSync attacks to replicate every password hash out of Active Directory - full domain compromise
  • Pass-the-hash/pass-the-ticket attacks for lateral movement
  • NTLM relay attacks and remote command execution on Windows hosts
  • Targeted Veeam backup servers with credential harvesting tools, exploiting CVE-2023-27532 (credential disclosure) and CVE-2024-40711 (remote code execution), both patched well before this campaign

Multiple organizations had their Active Directory environments compromised, complete credential databases extracted, and backup infrastructure targeted. All the hallmarks of ransomware preparation.

But here's the interesting part: when the attacker hit anything beyond "the most straightforward, automated attack paths," they failed. Their own documentation (exposed on that server) shows repeated failures when targets had patched services, closed ports, or lacked obvious exploitation vectors.

So they just moved on to easier targets. AI didn't make them skilled - it made them efficient at finding soft targets at scale.

The Vulnerability Confusion

This campaign exploited CVE-2025-59718 and the newer CVE-2026-24858, both authentication bypass flaws in FortiGate's FortiCloud SSO feature. Fortinet patched the first one in early December with FortiOS 7.4.9.

Except they didn't. Not completely.

Admins started reporting successful attacks on patched firewalls. Fortinet reportedly confirmed that version 7.4.10 still doesn't fully address the flaw. Arctic Wolf documented rogue accounts being created via SSO logins as cloud-init@mail.io and cloud-noc@mail.io from IP 104.28.244.114.

CISA added CVE-2025-59718 to its Known Exploited Vulnerabilities catalog on December 16. By January 26, Fortinet temporarily disabled all FortiCloud SSO authentication to stop the bleeding, then reinstated it on January 27 with additional mitigations.

At the time of writing, Shadowserver is tracking nearly 11,000 Fortinet devices still exposed online with FortiCloud SSO enabled.

What This Means

We just watched one person (or a small group) pull off what would have previously required a significantly larger and more skilled team. They didn't need to discover new vulnerabilities or develop sophisticated malware. They needed:

  • Exposed management interfaces (found via automated scanning)
  • Weak or default credentials (guessed via automated attempts)
  • AI tools (subscriptions, not expertise)

That's it. The rest was orchestrated by DeepSeek and Claude.

Amazon's CISO put it plainly: "AI augmentation achieved an operational scale that would have previously required a significantly larger and more skilled team." When the attacker encountered anything complex - hardened environments, sophisticated security controls - they didn't persist. They just dropped that target and found an easier one.

This is the new threat model. Not highly skilled APT groups with state sponsorship. Just motivated individuals with AI subscriptions targeting the path of least resistance at industrial scale.

What You Should Do

The fundamentals still work, and they matter more now than ever:

  1. Don't expose management interfaces to the internet - seriously, why is this still happening?
  2. Disable FortiCloud SSO if you're not actively using it (System → Settings → "Allow administrative login using FortiCloud SSO" → Off)
  3. Change default credentials and rotate SSL-VPN user credentials - and if a config may have been exported, treat every secret stored in it (admin passwords, VPN pre-shared keys, LDAP bind accounts) as compromised
  4. Implement MFA for administrative and VPN access
  5. Audit for unauthorized accounts - check the admin list and the event log for account creation, and look for cloud-init@mail.io, cloud-noc@mail.io, or similar generic accounts
  6. Isolate backup servers from general network access
  7. Monitor for configuration downloads - if your firewall config is being exported and you didn't do it, that's a problem
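To make the last three items concrete, here is an added example (not code from this article, from Amazon, or from Arctic Wolf) that hunts FortiGate event logs for the SSO admin logins, rogue admin-account creation, and config exports described above. The sample log lines are constructed for this example and only approximate FortiOS key=value syslog; the field names (logdesc, user, method, srcip, cfgpath, cfgobj, action), the trusted admin network, and the known-admin list are assumptions you would map to your own environment. The two account names and two IPs are the indicators quoted earlier in the piece.

```python
"""Hunt FortiGate event logs for SSO admin logins, new admin accounts and
config exports.  Added example; field names and sample lines are assumptions
that approximate FortiOS key=value event logs, not a verified schema."""
from __future__ import annotations

import ipaddress
import re

# Constructed sample logs (FortiOS-style key=value syslog, fields assumed).
# Lines 1-3 replay the pattern described in the article; 4-5 are benign.
SAMPLE_LOGS = """\
date=2026-01-14 time=03:12:41 type=event subtype=system logdesc="Admin login successful" user="cloud-init@mail.io" method="sso" srcip=104.28.244.114 status=success
date=2026-01-14 time=03:12:50 type=event subtype=system logdesc="Object attribute configured" user="cloud-init@mail.io" cfgpath="system.admin" cfgobj="support_tmp" action=Add
date=2026-01-14 time=03:13:02 type=event subtype=system logdesc="Configuration backed up" user="support_tmp" srcip=212.11.64.250 action=backup
date=2026-01-14 time=09:05:10 type=event subtype=system logdesc="Admin login successful" user="jdoe" method="https" srcip=10.20.0.15 status=success
date=2026-01-14 time=09:07:33 type=event subtype=system logdesc="Configuration backed up" user="jdoe" srcip=10.20.0.15 action=backup
"""

# Assumptions about your environment: the network admins log in from, and the
# inventory of admin accounts you actually created.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/16")]
KNOWN_ADMINS = {"admin", "jdoe"}

# Indicators named in the article (Arctic Wolf / Amazon reporting).
IOC_USERS = {"cloud-init@mail.io", "cloud-noc@mail.io"}
IOC_IPS = {"104.28.244.114", "212.11.64.250"}

# key=value pairs, with values either double-quoted or a run of non-spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line: str) -> dict[str, str]:
    """Turn one key=value log line into a dict (quoted values may contain spaces)."""
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}


def is_trusted_source(ip: str) -> bool:
    """True when the source address sits inside an allowlisted admin network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_ADMIN_NETS)


def evaluate(event: dict[str, str]) -> list[str]:
    """Apply the hunting rules to one parsed event; returns the findings."""
    findings: list[str] = []
    user = event.get("user", "")
    srcip = event.get("srcip", "")
    desc = event.get("logdesc", "")

    # Rule 1: exact-match indicators from the reporting.
    if user in IOC_USERS or srcip in IOC_IPS:
        findings.append("known indicator")

    # Rule 2: any admin login via FortiCloud SSO, or from outside admin networks.
    if desc == "Admin login successful":
        if event.get("method") == "sso":
            findings.append("admin login via FortiCloud SSO")
        if srcip and not is_trusted_source(srcip):
            findings.append(f"admin login from untrusted source {srcip}")

    # Rule 3: a new object under system.admin is a new administrator account.
    if event.get("cfgpath") == "system.admin" and event.get("action") == "Add":
        findings.append(f"new admin account created: {event.get('cfgobj', '?')}")

    # Rule 4: config export by an account nobody in the team recognises.
    if event.get("action") == "backup" and user not in KNOWN_ADMINS:
        findings.append(f"config export by unknown account {user}")

    return findings


def hunt(log_text: str) -> list[tuple[int, list[str]]]:
    """Run every non-empty line through the rules; return (line number, findings)."""
    results = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        findings = evaluate(parse_kv(line))
        if findings:
            results.append((number, findings))
    return results


if __name__ == "__main__":
    for number, findings in hunt(SAMPLE_LOGS):
        print(f"line {number}: " + "; ".join(findings))
```

Run against the constructed sample, the first three lines each trigger at least one rule (the SSO login from an untrusted address, the account creation, and the config export by the new account), while the two lines for the legitimate admin on the trusted network stay silent. Rule 2 deliberately flags every SSO admin login, not just the known indicator accounts: if you have followed step 2 and disabled FortiCloud SSO, any such login is itself the finding.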

Patch management, credential hygiene, network segmentation, and robust detection. Nothing exotic. Just the basics, done right.

Because while AI can't make a script kiddie into an elite operator, it can absolutely help them find and exploit every organization that's skipping the basics.


*This analysis draws from reports by Amazon Threat Intelligence, Arctic Wolf, Cyber and Ramen, BleepingComputer, and The Hacker News. The attacker's infrastructure at 212.11.64.250 was exposed and documented by researchers before being taken offline.*
