AI Tools Used in Large-Scale Cyberattack
What happened
Amazon Threat Intelligence exposed a Russian-speaking actor who used the DeepSeek and Claude LLMs for attack planning and automated exploitation. The operator successfully breached over 600 FortiGate firewalls worldwide in five weeks. The incident highlights the dual-use nature of advanced AI models for both defensive and offensive cyber operations.
Why it matters
- The financially motivated Russian-speaking actor did not exploit any specific FortiGate vulnerabilities, but instead targeted devices with exposed management ports and weak credentials that lacked multi-factor authentication. This method allowed the attacker, assessed as having low-to-medium technical skill, to achieve a scale previously requiring a more sophisticated team.
- The attack, which ran from January 11 to February 18, 2026, involved systematically scanning for FortiGate management interfaces on ports 443, 8443, 10443, and 4443 from the IP address 212.11.64[.]250.
- DeepSeek was utilized to generate attack plans from reconnaissance data, while Anthropic's Claude was used to produce vulnerability assessments and execute offensive tools against victim systems. The operation was managed through a custom-built Model Context Protocol (MCP) server named ARXON.
- Once initial access was gained, the operator exfiltrated full device configurations, which included SSL-VPN credentials, administrative passwords, firewall policies, and internal network maps. AI-assisted Python and Go scripts were used to parse and decrypt this stolen data.
- Post-breach activities showed signs of a pre-ransomware operation, with the actor compromising Microsoft Active Directory environments, extracting credential databases, and specifically targeting backup infrastructure like Veeam Backup & Replication servers.
- Despite the use of AI for scale, the actor's operational notes revealed repeated failures when attempting to exploit anything beyond simple, automated attack paths, often abandoning more hardened targets.
- Security researchers from Cyber and Ramen discovered the attacker's misconfigured server, which hosted 1,402 files including stolen firewall backups, credential dumps, AI session artifacts, and operational notes written in Russian.
- This incident is part of a larger trend of cybercriminals using generative AI to lower the barrier to entry for offensive operations, enabling less skilled actors to automate and scale their attacks.
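For defenders, the access path described above (management ports reachable from the internet, password-only admin logins) can be checked against a device's own admin-login records. The following is an added example, not code from Amazon Threat Intelligence or the original report; the log format, event names, sample records and internal address ranges are constructed assumptions, and only the ports, IP address and date range come from this page.

```python
from collections import defaultdict
from datetime import date, datetime
from ipaddress import ip_address, ip_network

# Values stated on this page (the defanged IP is refanged for matching).
MGMT_PORTS = {443, 8443, 10443, 4443}
REPORTED_SCANNER = "212.11.64[.]250".replace("[.]", ".")
WINDOW = (date(2026, 1, 11), date(2026, 2, 18))
# Assumption: RFC 1918 ranges are "internal"; adjust to the real address plan.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records in a hypothetical normalized format (not FortiOS
# log syntax): time, source IP, destination port, event, user, MFA used.
SAMPLE_LOG = """\
2026-01-14T02:11:09 212.11.64.250 443 admin_login_failed admin no
2026-01-14T02:11:12 212.11.64.250 8443 admin_login_failed admin no
2026-01-14T02:11:15 212.11.64.250 10443 admin_login_ok admin no
2026-01-20T09:30:00 10.0.5.20 443 admin_login_ok netops yes
2026-01-22T23:40:41 198.51.100.7 4443 admin_login_ok backup no
2026-03-02T08:00:00 203.0.113.9 443 admin_login_failed admin no
2026-01-25T10:00:00 192.0.2.44 22 admin_login_failed root no
"""

def parse(line):
    ts, src, port, event, user, mfa = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "port": int(port),
            "event": event, "user": user, "mfa": mfa == "yes"}

def triage(log_text):
    """Return {source_ip: sorted finding labels} for management-port events."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        r = parse(line)
        if r["port"] not in MGMT_PORTS:
            continue  # only the management ports named in the report
        src = ip_address(r["src"])
        external = not any(src in net for net in INTERNAL)
        in_window = WINDOW[0] <= r["ts"].date() <= WINDOW[1]
        if r["src"] == REPORTED_SCANNER and in_window:
            findings[r["src"]].add("reported-scanner-ip")
        if external:
            findings[r["src"]].add("mgmt-port-reachable-from-internet")
        if external and r["event"] == "admin_login_ok" and not r["mfa"]:
            findings[r["src"]].add("external-admin-login-without-mfa")
    return {src: sorted(tags) for src, tags in findings.items()}

if __name__ == "__main__":
    for source, tags in triage(SAMPLE_LOG).items():
        print(source, ", ".join(tags))
```

Any source labelled external-admin-login-without-mfa marks a device whose configuration and stored credentials should be treated as exposed, whether or not the source matches the reported IP.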
Key numbers
- The operator successfully breached over 600 FortiGate firewalls worldwide in five weeks.
- The attack, which ran from January 11 to February 18, 2026, involved systematically scanning for FortiGate management interfaces on ports 443, 8443, 10443, and 4443 from the IP address 212.11.64[.]250.
- Security researchers from Cyber and Ramen discovered the attacker's misconfigured server, which hosted 1,402 files including stolen firewall backups, credential dumps, AI session artifacts, and operational notes written in Russian.
What happens next
- DeepSeek was utilized to generate attack plans from reconnaissance data, while Anthropic's Claude was used to produce vulnerability assessments and execute offensive tools against victim systems.
- Despite the use of AI for scale, the actor's operational notes revealed repeated failures when attempting to exploit anything beyond simple, automated attack paths, often abandoning more hardened targets.