
"The tech giant described the threat actor as having limited technical capabilities, a constraint they overcame by relying on multiple commercial generative AI tools to implement various phases of the attack cycle, such as tool development, attack planning, and command generation. While one AI tool served as the primary backbone of the operation, the attackers also relied on a second AI tool as a fallback to assist with pivoting within a specific compromised network."
"As recently highlighted by Google, generative AI tools are being increasingly adopted by threat actors to scale and accelerate their operations, even if they don't equip them with novel uses of the technology. If anything, the emergence of AI tools illustrates how capabilities that were once off-limits to novice or technically challenged threat actors are becoming increasingly feasible, further lowering the barrier to entry for cybercrime and enabling them to come up with attack methodologies."
A Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise over 600 FortiGate devices across 55 countries between January 11 and February 18, 2026. No FortiGate vulnerabilities were exploited; the campaign succeeded by targeting exposed management ports and weak single-factor credentials. The actor had limited technical capabilities and relied on multiple commercial generative AI tools for tool development, attack planning, and command generation, using a primary AI tool and a secondary fallback for pivoting. The actor is assessed as financially motivated, not state-linked. The campaign demonstrates how generative AI lowers the barrier to entry for cybercrime.
Read at The Hacker News