AI Tools Used in Large-Scale Cyberattack
Amazon Threat Intelligence exposed a Russian-speaking actor who used the DeepSeek and Claude LLMs for attack planning and automated exploitation. The operator successfully breached over 600 FortiGate firewalls worldwide in five weeks. The incident highlights the dual-use nature of advanced AI models for both defensive and offensive cyber operations.
- The financially motivated Russian-speaking actor did not exploit any specific FortiGate vulnerabilities, but instead targeted devices with exposed management ports and weak credentials that lacked multi-factor authentication. This method allowed the attacker, assessed as having low-to-medium technical skill, to achieve a scale previously requiring a more sophisticated team. - The attack, which ran from January 11 to February 18, 2026, involved systematically scanning for FortiGate management interfaces on ports 443, 8443, 10443, and 4443 from the IP address 212.11.64[.]250. - DeepSeek was utilized to generate attack plans from reconnaissance data, while Anthropic's Claude was used to produce vulnerability assessments and execute offensive tools against victim systems. The operation was managed through a custom-built Model Context Protocol (MCP) server named ARXON. - Once initial access was gained, the operator exfiltrated full device configurations, which included SSL-VPN credentials, administrative passwords, firewall policies, and internal network maps. AI-assisted Python and Go scripts were used to parse and decrypt this stolen data. - Post-breach activities showed signs of a pre-ransomware operation, with the actor compromising Microsoft Active Directory environments, extracting credential databases, and specifically targeting backup infrastructure like Veeam Backup & Replication servers. - Despite the use of AI for scale, the actor's operational notes revealed repeated failures when attempting to exploit anything beyond simple, automated attack paths, often abandoning more hardened targets. - Security researchers from Cyber and Ramen discovered the attacker's misconfigured server, which hosted 1,402 files including stolen firewall backups, credential dumps, AI session artifacts, and operational notes written in Russian. - This incident is part of a larger trend of cybercriminals using generative AI to lower the barrier to entry for offensive operations, enabling less skilled actors to automate and scale their attacks.
