Mar 22, 2026 · 5 min read
An AI-Assisted Attacker Just Breached 600 Firewalls Across 55 Countries
A financially motivated threat actor used commercial generative AI services to exploit FortiGate firewalls at scale, stealing service account credentials and burrowing deep into Active Directory environments at healthcare providers, government agencies, and managed service providers.
The firewall is supposed to be the front door with a deadbolt. For more than 600 organizations across 55 countries, it was the front door left wide open. Between January and February 2026, a Russian-speaking, financially motivated threat actor exploited multiple vulnerabilities in Fortinet's FortiGate Next-Generation Firewall appliances to breach networks, steal encrypted credentials, and establish persistent access, all with the help of commercial generative AI tools.
The campaign targeted healthcare, government, and managed service providers, the kinds of organizations that store sensitive data and often lack the security staffing to monitor perimeter devices around the clock. By the time defenders noticed, the attackers had already moved from the firewall to the heart of the network.
Three Vulnerabilities, One Campaign
The attacks exploited three Fortinet vulnerabilities. CVE-2025-59718 and CVE-2025-59719, both rated CVSS 9.8, allow an unauthenticated attacker to send a crafted SAML token and gain administrative access to FortiGate devices without valid credentials. CVE-2026-24858, patched in January 2026, provided another entry point for attackers who scanned for devices that had not yet been updated.
In some cases, the attackers did not even need to exploit a vulnerability. They simply used weak or default credentials. The result was the same: full administrative control of the perimeter firewall.
How AI Made the Attack Faster
What distinguishes this campaign is the attacker's use of multiple commercial generative AI services to accelerate exploitation. AWS security researchers documented the attacker using AI to automate reconnaissance, generate exploit payloads adapted to specific FortiGate configurations, and craft credential extraction scripts. The scale of the campaign, 600 devices across 55 countries in roughly five weeks, suggests a level of automation that would be difficult to achieve manually.
This is not speculative future risk. This is a real attacker using commercially available AI tools to breach real networks today. The prediction that AI would transform cybersecurity incidents is already coming true.
From Firewall to Domain Controller
Gaining access to the firewall was just step one. SentinelOne researchers documented what happened next. In one incident, the attackers created a new local administrator account named "support" on the FortiGate device, then configured four new firewall policies that allowed this account to traverse all network zones without restrictions.
From there, attackers extracted the device's configuration file, which contained encrypted LDAP service account credentials. Evidence shows they decrypted these credentials and used them to authenticate directly to the organization's Active Directory. Once inside AD, they enrolled rogue workstations, performed network scanning, and deployed remote access tools including Pulseway and MeshAgent.
In the most severe cases, attackers exfiltrated NTDS.dit files, the Active Directory database that contains password hashes for every user in the domain. With those hashes, the attacker effectively owns every account in the organization.
Why Healthcare and Government Were Targeted
The campaign singled out healthcare providers, government agencies, and managed service providers. These sectors share common vulnerabilities: legacy systems that cannot be easily patched, small security teams relative to their attack surface, and data that commands premium prices in extortion scenarios.
Managed service providers are especially attractive targets because breaching one MSP can provide access to dozens or hundreds of downstream client networks. A single compromised FortiGate at an MSP is a gateway to every organization it manages.
What Organizations Should Do
If your organization uses FortiGate firewalls, these steps are urgent:
- Patch immediately: Apply fixes for CVE-2025-59718, CVE-2025-59719, and CVE-2026-24858
- Audit admin accounts: Check for unauthorized local accounts on all FortiGate devices, especially accounts named "support" or similar generic names
- Rotate service credentials: Change all LDAP and Active Directory service account passwords that are configured on firewall devices
- Review firewall policies: Look for recently created policies that allow unrestricted zone traversal
- Forward logs to SIEM: Maintain at least 14 days of firewall log retention and forward all logs to a centralized system that attackers cannot delete
- Hunt for remote access tools: Scan for Pulseway, MeshAgent, and unexpected PowerShell downloads from cloud storage buckets
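The audit steps above, and the intrusion pattern described earlier (a rogue "support" admin, any-to-any policies, stored LDAP service credentials in the exported configuration), can be checked offline against a FortiOS configuration backup. The script below is an added example, not code from the article or from Fortinet: it parses the backup's `config / edit / set / next / end` syntax and reports unexpected local admins, super_admin accounts with no trusted-host restriction, accept policies that allow all zones, addresses and services, and every LDAP bind account whose password must be rotated. The embedded configuration is a constructed sample; the account names, addresses and `ENC` values are placeholders, and `KNOWN_ADMINS` stands in for the organization's own approved admin list.

```python
"""Offline audit of a FortiOS configuration backup (added example)."""
import shlex

# Constructed sample in FortiOS backup syntax. Names, addresses and the
# ENC values are placeholders, not data exported from any real device.
SAMPLE_CONFIG = """\
#config-version=FGT-placeholder
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        set trusthost1 10.10.0.0 255.255.255.0
        set password ENC placeholder==
    next
    edit "support"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC placeholder==
    next
end
config user ldap
    edit "corp-ldap"
        set server "10.20.0.5"
        set cnid "sAMAccountName"
        set dn "dc=corp,dc=example"
        set username "CN=svc-fortigate,OU=Service,DC=corp,DC=example"
        set password ENC placeholder==
    next
end
config firewall policy
    edit 1
        set name "lan-to-wan"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "lan-net"
        set dstaddr "all"
        set action accept
        set service "HTTPS"
    next
    edit 2
        set name "support-any"
        set srcintf "any"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
end
"""

KNOWN_ADMINS = {"admin"}  # assumption: the organization's approved admin accounts


def parse_fortios(text):
    """Parse config/edit/set/next/end blocks into
    {section_path: {entry_name: {attribute: [values]}}}.
    Nested 'config' blocks are keyed by a joined path ("system admin / trusthost"),
    and attributes set outside any 'edit' land under the entry "_global"."""
    sections, path, entry_stack = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and header comments
            continue
        if line.startswith("config "):
            path.append(line[7:])
            entry_stack.append(None)
            sections.setdefault(" / ".join(path), {})
        elif line.startswith("edit "):
            entry_stack[-1] = shlex.split(line[5:])[0]
            sections[" / ".join(path)].setdefault(entry_stack[-1], {})
        elif line.startswith("set "):
            parts = shlex.split(line[4:])         # shlex keeps quoted values whole
            entry = entry_stack[-1] or "_global"
            sections[" / ".join(path)].setdefault(entry, {})[parts[0]] = parts[1:]
        elif line == "next":
            entry_stack[-1] = None
        elif line == "end":
            path.pop()
            entry_stack.pop()
    return sections


def audit_admins(cfg, known=KNOWN_ADMINS):
    """Flag admin accounts not on the approved list, and super_admin accounts
    with no trusthostN restriction (reachable from anywhere)."""
    findings = []
    for name, attrs in cfg.get("system admin", {}).items():
        if name == "_global":
            continue
        if name not in known:
            findings.append((name, "unexpected local admin account"))
        restricted = any(k.startswith("trusthost") for k in attrs)
        if attrs.get("accprofile") == ["super_admin"] and not restricted:
            findings.append((name, "super_admin without trusthost restriction"))
    return findings


def audit_policies(cfg):
    """Flag accept policies that permit any interface to any interface for
    all addresses and all services: the 'traverse all zones' pattern."""
    findings = []
    for pid, attrs in cfg.get("firewall policy", {}).items():
        wide_open = (
            attrs.get("action") == ["accept"]
            and "any" in attrs.get("srcintf", []) and "any" in attrs.get("dstintf", [])
            and attrs.get("srcaddr") == ["all"] and attrs.get("dstaddr") == ["all"]
            and attrs.get("service") == ["ALL"]
        )
        if wide_open:
            findings.append((pid, attrs.get("name", [""])[0]))
    return findings


def ldap_rotation_list(cfg):
    """Every LDAP bind account with a password stored on the device; each
    must be rotated in AD once the configuration file is assumed stolen."""
    return [
        (name, attrs.get("server", ["?"])[0], attrs.get("username", ["?"])[0])
        for name, attrs in cfg.get("user ldap", {}).items()
        if "password" in attrs
    ]


if __name__ == "__main__":
    cfg = parse_fortios(SAMPLE_CONFIG)
    print("admin findings:  ", audit_admins(cfg))
    print("open policies:   ", audit_policies(cfg))
    print("rotate LDAP bind:", ldap_rotation_list(cfg))
```

Run it against a real backup by reading the file into `parse_fortios` instead of `SAMPLE_CONFIG` and replacing `KNOWN_ADMINS` with the approved list; a rogue account will show up in `audit_admins`, a new any-to-any policy in `audit_policies`, and `ldap_rotation_list` gives the service accounts to reset in Active Directory. The parser does not attempt to decrypt `ENC` values; the point of the rotation list is that the encrypted form should be treated as exposed.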
The firewall is the most trusted device on your network. When it is compromised, everything behind it is exposed. The pattern keeps repeating: a CVSS 10 zero-day in Cisco Firewall Management Center was exploited for 36 days before anyone noticed. Treat perimeter devices with the same security rigor you apply to domain controllers, because attackers certainly do.