Summary

A financially motivated threat actor, using commercial generative AI services, has compromised over 600 FortiGate devices across 55 countries. This activity was observed by Amazon Threat Intelligence between January 11 and February 18, 2026.

Key Points

• A Russian-speaking threat actor is responsible for the compromise.
• Over 600 FortiGate devices were affected in 55 countries.
• The threat actor utilized commercial generative AI services.
• The activity was observed from January 11 to February 18, 2026.
• The findings were reported by Amazon Threat Intelligence.

Analysis

The use of generative AI services by threat actors represents a significant evolution in cyber threats, enabling more sophisticated and widespread attacks. The compromise of FortiGate devices, which are critical for network security, highlights the growing risks associated with AI-assisted cybercrime. This incident underscores the need for enhanced security measures and vigilance in monitoring AI-driven threats.

Conclusion

IT professionals should prioritize updating and securing FortiGate devices and remain vigilant against AI-assisted threats. Regular monitoring and employing advanced threat detection tools are recommended to mitigate such risks.