March 23, 2026

AI-assisted credential attacks on FortiGate devices could expose OT networks to ransomware staging

The article says a financially motivated, Russian-speaking threat actor used commercial generative AI tools to help compromise more than 600 FortiGate devices in 55 countries between January 11 and February 18, 2026. The key point is that the attackers did not rely on a new FortiGate software flaw. Instead, they scanned the internet for exposed FortiGate management interfaces and then brute-forced weak, single-factor passwords. The piece argues this shows how AI can help even relatively low-skill attackers scale very ordinary attack methods much faster and across many targets.

Once inside, the attackers reportedly stole full firewall configuration files, which gave them VPN credentials, admin credentials, and detailed network topology information. That access then let them move deeper into victim environments, including attempts to harvest Active Directory credentials and reach backup systems—the kind of activity often seen before ransomware deployment. In simple terms, the article’s warning is that basic weaknesses like internet-exposed admin ports, poor password hygiene, and missing MFA can turn a firewall compromise into a much bigger risk, including possible staging for attacks that could spill toward OT-connected networks.

Source: https://industrialcyber.co/vulnerabilities/ai-assisted-credential-attacks-on-fortigate-devices-could-expose-ot-networks-to-ransomware-staging/
