AI Aids Hacker in Firewall Breach
23 Feb
Summary
- Russian hacker exploited weak credentials on FortiGate firewalls.
- AI-generated scripts helped parse data and move laterally.
- Attacker targeted Veeam servers, avoiding hardened systems.

A Russian threat actor has been observed systematically exploiting FortiGate firewalls by brute-forcing weak credentials, with a notable reliance on Generative Artificial Intelligence (GenAI). Researchers identified the hacker scanning for exposed management interfaces and gaining access through common or weak passwords.
Once inside, the attacker utilized AI-generated Python scripts to extract and parse sensitive configuration data, including VPN and administrative credentials. This information was then used to facilitate reconnaissance and lateral movement within internal networks, often targeting Veeam Backup & Replication servers.
The campaign ran from January 11 to February 18, 2026. It suggests the attacker is less skilled: they frequently struggled with hardened systems and successfully exploited only easier targets. The AI-assisted tooling, while functional for specific tasks, reportedly lacked robustness and sophistication.
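For defenders, the pattern described above (repeated failed administrator logins against an exposed management interface, then a success from the same source) can be searched for in firewall event logs. The following is an added example, not code from the researchers or the article; the log lines are constructed, the key=value field names (`action`, `status`, `srcip`, `user`) are assumptions about the log layout, and the threshold and window are hypothetical values to tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def parse_line(line):
    """Split one key=value log line into a dict."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}

def detect(log_text, threshold=5, window=timedelta(minutes=10)):
    """Flag sources whose successful admin login follows >= threshold
    failed logins from the same IP inside the window."""
    failures = defaultdict(list)  # srcip -> timestamps of recent failures
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("action") != "login" or "srcip" not in ev:
            continue  # ignore non-login events
        ts = datetime.strptime(f'{ev["date"]} {ev["time"]}', "%Y-%m-%d %H:%M:%S")
        src = ev["srcip"]
        recent = [t for t in failures[src] if ts - t <= window]
        if ev.get("status") == "failed":
            failures[src] = recent + [ts]
        elif ev.get("status") == "success":
            if len(recent) >= threshold:
                findings.append({"srcip": src, "user": ev.get("user"),
                                 "failed_before": len(recent),
                                 "time": ts.isoformat(sep=" ")})
            failures[src] = []  # reset after a successful login
    return findings

def _line(t, status, src, user="admin"):
    # Constructed sample event; field names are assumed, IPs are documentation ranges.
    return (f'date=2026-01-12 time={t} type="event" subtype="system" '
            f'action="login" status="{status}" user="{user}" srcip={src}')

SAMPLE_LOG = "\n".join(
    [_line(f"03:10:0{s}", "failed", "203.0.113.7") for s in (1, 3, 5, 7, 9)]
    + [_line("03:10:12", "success", "203.0.113.7"),
       _line("09:02:10", "failed", "198.51.100.20", "netops"),   # ordinary typo
       _line("09:02:25", "success", "198.51.100.20", "netops")]
)

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

A hit from this check means a password was guessed, so the follow-up is credential rotation and a review of what that session exported, not only blocking the source address.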




