Russian cybercriminals just proved that AI can make bad hackers worse. Over five weeks this year, they used commercial AI tools to compromise more than 600 FortiGate devices across 55 countries.
Amazon's threat intelligence team caught them red-handed between January and February 2026. The attackers weren't exploiting new FortiGate vulnerabilities. They were using AI to get better at the boring bits of hacking.
How did AI make these attacks more effective?
The threat actors used generative AI services to streamline their operations. Think ChatGPT helping write better phishing emails, automate reconnaissance, and craft more convincing social engineering attacks.
This wasn't some sophisticated AI breakthrough. These criminals took everyday AI tools and applied them to cybercrime workflow. The scary part? It worked.
The Russian-speaking group appears financially motivated. They targeted FortiGate devices because these security appliances sit at network perimeters. Compromise one, and you often get access to everything behind it.
What exactly did they compromise?
Over 600 FortiGate devices across 55 countries fell victim. That's roughly 20 devices per country if spread evenly, though the distribution was likely clustered around high-value targets.
FortiGate devices are Fortinet's flagship firewalls. They protect corporate networks, government systems, and critical infrastructure. Getting inside one is like having keys to the castle.
The attackers didn't need zero-day exploits. They likely used known vulnerabilities in unpatched devices, credential stuffing, or weak authentication. AI just made them faster and more systematic about it.
