Originally reported by Security Affairs, The Record
TL;DR
Russian threat actors deploy AI for mass FortiGate compromise, coordinate cyber-kinetic operations in Ukraine, and leverage ransomware for geopolitical objectives in Romania.
The AI-powered compromise of 600 FortiGate devices across 55 countries represents a significant, scalable threat, while Russian hybrid operations using ransomware and cyber-kinetic coordination in Ukraine demonstrate sophisticated nation-state capabilities.
Amazon Threat Intelligence identified a Russian-speaking, financially motivated threat actor leveraging commercial generative AI services to compromise over 600 FortiGate devices across 55 countries. The campaign, active between January 11 and February 18, 2026, demonstrates the scalability that AI tools bring to traditional network infiltration tactics.
The use of commercial AI platforms for operational scaling represents an evolution in threat actor capabilities, reducing the technical barrier for mass compromise operations while maintaining operational security through legitimate service usage.
Ukrainian cybersecurity officials disclosed that Russian cyberattacks targeting energy infrastructure have shifted focus from immediate disruption to intelligence collection for missile strike guidance. This represents a tactical evolution in Russia's hybrid warfare doctrine, where cyber operations serve as reconnaissance for kinetic attacks rather than standalone disruption.
The cyber-kinetic coordination demonstrates sophisticated operational planning, using network access to map critical infrastructure vulnerabilities before physical targeting.
Romania's top cybersecurity official warned that recent ransomware attacks on critical infrastructure were likely part of broader Russian hybrid operations aimed at destabilizing the country. The assessment suggests ransomware groups are operating as instruments of state policy rather than purely criminal enterprises.
This aligns with broader intelligence assessments linking financially motivated cybercriminal groups to Russian state interests, particularly when targeting NATO allies and EU members.
Anthropic launched Claude Code Security, an AI-powered service for vulnerability scanning and remediation recommendations. The tool integrates into Claude Code to help development teams identify and address security flaws more efficiently.
Meanwhile, Spanish police arrested a 20-year-old hacker who exploited payment system vulnerabilities to book luxury hotels for €0.01, demonstrating continued threats to e-commerce platforms.