
A global cyberattack has affected more than 600 FortiGate devices through the exploitation of critical vulnerabilities, carried out with the help of advanced artificial intelligence tools such as DeepSeek and Claude. This attack highlights the growing threat of cyber actors who benefit from the automation of attacks, expanding the reach and effectiveness of malicious campaigns.
In February 2026, it was discovered that a group of cybercriminals used DeepSeek and Claude, tools based on artificial intelligence, to carry out a large-scale attack against FortiGate devices. The attackers exploited poorly protected port configurations and known vulnerabilities, gaining access to more than 600 globally distributed devices.
The main objective was to obtain remote access to corporate and government networks through the exploitation of the CVE-2019-6693 vulnerability. This allowed attackers to obtain VPN credentials, network configurations and other sensitive data, compromising the integrity and confidentiality of the information.
What sets this attack apart from other similar ones is the integration of DeepSeek and Claude, AI tools that were used to quickly detect vulnerabilities and launch the attack in an automated manner. Thanks to these tools, the attackers were able to operate on a much larger scale, without the need for manual intervention, which increased the speed and effectiveness of the operation.
These AI tools not only allowed the identification and exploitation of flaws in FortiGate devices, but were also used to monitor and control the attacks, maximizing benefits for the attackers. The ability to automate these processes with AI highlights a change in the nature of cyberattacks, where the use of advanced technology makes it easier to carry out security breaches at scale.
FortiGate devices, which are used by a variety of companies and government agencies, form part of critical infrastructure in key sectors such as telecommunications, media and public services. The attack has not only affected private sector companies, but also government institutions, exposing sensitive information and compromising essential systems.
Although irreparable damage has not been confirmed in all cases, the risk that attackers installed backdoors or extracted more information during the attack is high. This highlights the urgent need to improve security measures to protect these systems.
In the face of these types of cyberattacks, Apolo Cybersecurity recommends following security best practices to protect critical infrastructure. Some of the steps that should be taken immediately include:
This cyberattack demonstrates the increasing sophistication of cyber actors and the key role of artificial intelligence in modernizing cybercrime campaigns. DeepSeek and Claude are just examples of how cybercriminals are taking advantage of the most advanced technologies to carry out faster, more effective and larger-scale attacks.
At Apolo Cybersecurity, we remain committed to offering advanced solutions for protection against these emerging threats, ensuring that our customers are always prepared for the most sophisticated cyber risks.
