CyberStrikeAI — How AI Hacked 600 Firewalls in 55 Countries

🔐 Cybersecurity · April 2026


One open-source AI tool. One low-skilled operator. 600+ enterprise firewalls breached in 5 weeks — here’s the full story.

📅 April 27, 2026 ✍️ Tech Daily Care ⏱ 9 min read
[Figure: AI-powered cyberattack targeting enterprise firewalls. Source: eSecurity Planet / Team Cymru]

🔴 THREAT ALERT · MARCH 2026: 600+ firewalls, 55 countries, 5 weeks. CyberStrikeAI, the AI-powered attack platform that changed cybersecurity forever.

In January 2026, a single threat actor — likely working alone — began quietly scanning the internet for Fortinet FortiGate firewalls. Within five weeks, they had compromised more than 600 devices across 55 countries. No zero-day exploits. No sophisticated hacking techniques. Just weak passwords, exposed management ports, and an open-source AI tool called CyberStrikeAI that did the heavy lifting. Amazon’s security team caught the campaign in February. Team Cymru traced it back to CyberStrikeAI in March. What they found shocked the cybersecurity community: an AI-powered attack platform built in Go, published freely on GitHub, developed by a Chinese developer with suspected links to China’s Ministry of State Security — and already being weaponized by threat actors worldwide.

📊 The Attack — By the Numbers
🔥 600+ FortiGate firewalls breached
🌍 55 countries targeted worldwide
⏱️ 5 weeks: Jan 11 – Feb 18, 2026
🖥️ 21 IPs: servers running CyberStrikeAI detected
🛠️ 100+ security tools integrated in CyberStrikeAI
👤 1 operator, likely working alone, running the campaign
⚠️
Amazon’s CISO CJ Moses stated: “This campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication — fundamental security gaps that AI helped an unsophisticated actor exploit at scale.” No new vulnerabilities were needed. The AI did the rest.
🤖 What Is CyberStrikeAI?
Tool Analysis · CyberStrikeAI

CyberStrikeAI is an open-source, AI-native offensive security framework written in Go and published on GitHub by a developer operating under the alias “Ed1s0nZ.” First committed on November 8, 2025, the tool initially attracted little attention. By January 2026, that had changed dramatically — Team Cymru detected 21 unique IP addresses running it within just 37 days.

According to its GitHub description, CyberStrikeAI integrates over 100 security tools into a unified platform with an AI orchestration engine, predefined security roles, a skills system, and a full vulnerability management dashboard. It’s compatible with multiple AI models including GPT, Anthropic Claude, and DeepSeek — meaning it can use the same commercial AI services that businesses rely on to plan and execute attacks.

The developer, Ed1s0nZ, has documented ties to Chinese state-affiliated organizations. In December 2025, they shared CyberStrikeAI with Knownsec 404’s Starlink Project — a Chinese cybersecurity firm linked to China’s Ministry of State Security (MSS). In January 2026, Ed1s0nZ added a CNNVD 2024 Vulnerability Reward Program award to their GitHub profile — the CNNVD being a program operated by MSS to collect zero-day vulnerabilities. The reference was later deleted, but Git commit records preserved both the addition and removal.

🔍 How the Attack Worked — Step by Step

Step 1: Mass Scanning for Exposed Management Ports (🔍 Automated Reconnaissance)
CyberStrikeAI automated scanning across ports 443, 8443, 10443, and 4443, systematically identifying FortiGate appliances with management interfaces exposed to the public internet. Tools like Nmap and Masscan handled the high-speed reconnaissance.

Step 2: AI-Generated Attack Plans via DeepSeek (🤖 DeepSeek Attack Planning)
Reconnaissance data was fed to DeepSeek to generate step-by-step attack plans, command sequences, and exploitation strategies for each identified target. A custom MCP server named ARXON processed scan results and invoked the AI models.

Step 3: Credential-Based Brute Force Access (🔑 Weak Credential Exploitation)
No zero-day exploits were needed. The attacker simply tried commonly reused credentials against the exposed management interfaces, and the AI tooling drove those attempts at massive scale: work that would take a human team weeks took hours.

Step 4: Configuration Extraction & Credential Harvesting (📋 Claude-Assisted Analysis)
Once inside, the attacker extracted full device configurations, yielding credentials, network topology, and internal structure. Claude was used to analyze the extracted data and to assist with vulnerability assessment and execution of offensive tools.

Step 5: Lateral Movement & Domain Compromise (🌐 Active Directory Compromise)
Using tools like Meterpreter and Mimikatz, the attacker performed DCSync attacks against domain controllers, extracting NTLM password hashes. In confirmed cases, the attacker obtained complete domain credential databases, consistent with pre-ransomware preparation.
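What a defender can actually see of Steps 1 and 3 is a burst of failed administrator logins, often across several usernames, from a single external source. The script below is an added example (not code from the article, from CyberStrikeAI, or from Fortinet or Team Cymru) that runs that detection over constructed log lines. The lines imitate FortiGate's key=value event-log format; the field names used (date, time, logdesc, user, srcip, status) and the thresholds are assumptions to adjust for your own log source. It also flags the one operator IP the article publishes.

```python
"""Spot the admin credential-stuffing pattern from Step 3 in firewall login logs.

Added example; not code from the article, CyberStrikeAI, Fortinet or Team Cymru.
The sample lines are CONSTRUCTED to resemble FortiGate key=value event logs; the
field names (logdesc, user, srcip, status) are an assumption about that format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Operator IP published for the campaign (the article defangs it as 212.11.64[.]250).
IOC_IPS = {"212.11.64.250"}

# Thresholds are assumptions; tune them for your environment.
FAIL_THRESHOLD = 5              # failed admin logins from one source ...
WINDOW = timedelta(minutes=10)  # ... inside this sliding window
SPRAY_USERS = 3                 # distinct usernames tried from one source

KV_RE = re.compile(r'(\w[\w-]*)=("[^"]*"|\S+)')

def parse_line(line: str) -> dict:
    """Turn a key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def analyse(lines):
    """Return de-duplicated (severity, source_ip, message) alerts, in detection order."""
    failures = defaultdict(list)   # srcip -> [(timestamp, username), ...]
    alerts = {}                    # dict used as an ordered set
    for line in lines:
        rec = parse_line(line)
        src = rec.get("srcip")
        if not src:
            continue               # not a network event we care about
        if src in IOC_IPS:
            alerts[("critical", src, "traffic from known campaign IOC")] = None
        if rec.get("logdesc") == "Admin login failed" and rec.get("status") == "failed":
            ts = datetime.fromisoformat(f"{rec['date']} {rec['time']}")
            failures[src].append((ts, rec.get("user", "?")))

    for src, events in failures.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):
            # slide the window start forward until it is within WINDOW of events[hi]
            while events[hi][0] - events[lo][0] > WINDOW:
                lo += 1
            if hi - lo + 1 >= FAIL_THRESHOLD:
                alerts[("high", src, f"{hi - lo + 1} failed admin logins within {WINDOW}")] = None
                break
        users = {user for _, user in events}
        if len(users) >= SPRAY_USERS:
            alerts[("high", src, f"password spray across {len(users)} usernames")] = None
    return list(alerts)

# CONSTRUCTED sample: a spray from one external host, one failed login from the
# published IOC, and one legitimate internal login. Timestamps are fictional.
def _fail(date, time, src, user):
    return (f'date={date} time={time} logid="0100032002" type="event" subtype="system" '
            f'level="alert" logdesc="Admin login failed" user="{user}" '
            f'ui="https({src})" srcip={src} action="login" status="failed" reason="passwd_invalid"')

SAMPLE_LOGS = [
    _fail("2026-01-12", "03:14:01", "198.51.100.7", "admin"),
    _fail("2026-01-12", "03:14:09", "198.51.100.7", "admin"),
    _fail("2026-01-12", "03:14:20", "198.51.100.7", "fortinet"),
    _fail("2026-01-12", "03:14:31", "198.51.100.7", "administrator"),
    _fail("2026-01-12", "03:14:45", "198.51.100.7", "admin"),
    _fail("2026-01-12", "03:15:02", "198.51.100.7", "fortinet"),
    _fail("2026-01-12", "03:20:17", "212.11.64.250", "admin"),
    'date=2026-01-12 time=08:02:11 logid="0100032001" type="event" subtype="system" '
    'level="information" logdesc="Admin login successful" user="secops" '
    'ui="https(10.10.0.25)" srcip=10.10.0.25 action="login" status="success"',
]

if __name__ == "__main__":
    for severity, src, msg in analyse(SAMPLE_LOGS):
        print(f"[{severity.upper()}] {src}: {msg}")
```

On the constructed sample this raises one critical alert for the IOC address and two high alerts for 198.51.100.7 (five failures inside the window, three distinct usernames); the internal success from 10.10.0.25 produces nothing. The sliding window matters more than a flat count: a slow spray spread over days stays under a per-window threshold, so pair this with the distinct-username check, which does not depend on timing.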
⚙️ The AI Arsenal — Tools Behind the Attack

Tool 01: CyberStrikeAI (🛠️ Open-source · GitHub · Built in Go)
The central orchestration platform. Built in Go, it integrates 100+ security tools and coordinates the entire attack lifecycle from reconnaissance to exploitation, all from a conversational interface.

Tool 02: DeepSeek AI (🤖 Commercial AI · Attack planning)
Used to generate attack plans from reconnaissance data. Given raw scan results, DeepSeek produced step-by-step exploitation strategies for each target, effectively acting as a strategic advisor to the attacker.

Tool 03: Anthropic Claude (⚠️ Autonomous tool execution)
Configured via a Claude Code config file to autonomously run Impacket, Metasploit, and Hashcat with pre-approved, hardcoded credentials. Claude was not an advisory tool here; it was an active participant in the exploitation chain.

Tool 04: CHECKER2 + ARXON (🔧 Custom Go-based tooling)
Custom attacker-built tools: CHECKER2 for parallel VPN scanning and target processing; ARXON, a custom MCP server, to process scan results, invoke AI models, and modify victim infrastructure.
📅 CyberStrikeAI Campaign Timeline

Date | Event | Source | Severity
Nov 8, 2025 | CyberStrikeAI first published on GitHub by Ed1s0nZ | Team Cymru | Low (initial)
Dec 19, 2025 | Developer shares the tool with Knownsec 404's Starlink Project (MSS-linked) | Team Cymru | Medium
Jan 5, 2026 | Ed1s0nZ adds a CNNVD award to their GitHub profile; the reference is later deleted but survives in the commit history | Team Cymru | High
Jan 11, 2026 | FortiGate scanning campaign begins; 600+ devices compromised over 5 weeks | Amazon Threat Intel | Critical
Jan 20 – Feb 26, 2026 | 21 unique IPs running CyberStrikeAI detected by Team Cymru | Team Cymru | Critical
Feb 20, 2026 | Amazon publicly discloses the AI-augmented FortiGate campaign | AWS Security Blog | Critical
Mar 3, 2026 | Team Cymru links the campaign to CyberStrikeAI; Hacker News and BleepingComputer publish | Multiple sources | Critical
🔬 Why This Changes Everything
Deep Analysis · April 2026

The CyberStrikeAI campaign represents a fundamental shift in the cybersecurity threat landscape. For the first time, we have documented evidence of a single, low-to-medium skilled operator conducting simultaneous intrusions across multiple countries with AI providing analytical support at every stage. What previously required a team of experienced hackers working for weeks can now be accomplished by one person in days.

What makes this particularly alarming is that no new vulnerabilities were needed. The entire campaign succeeded on basic security hygiene failures — exposed management ports and weak single-factor credentials. AI didn’t create new attack vectors. It simply eliminated the human bottleneck that previously limited how many targets an attacker could pursue simultaneously. CyberStrikeAI turned what would have been a small, targeted attack into an industrial-scale operation.

The implications are profound. Security teams that were previously protected by the sheer effort required to execute sophisticated attacks no longer have that buffer. An unskilled attacker with access to open-source AI tooling can now execute campaigns that previously required nation-state resources. As Team Cymru’s Will Thomas warned: “Tools like CyberStrikeAI will significantly lower the barrier to entry for complex network exploitation — and their adoption is poised to accelerate.”

🛡️ How to Protect Yourself — Key Defenses

🔒 Disable Public Management Interfaces
Never expose FortiGate or any firewall management interface to the public internet. Restrict access to internal networks or VPN-only connections, and limit admin logins to trusted source addresses.

🔑 Enable Multi-Factor Authentication
The entire campaign relied on single-factor authentication; MFA alone would have stopped most of the intrusions. Enable it on every administrator account immediately.

🔄 Patch Management Discipline
Keep perimeter devices updated. No zero-days were used here, but a patched device gives AI-assisted reconnaissance and exploitation tooling fewer weaknesses to work with.

🌐 Network Segmentation
Even after initial access, proper segmentation limits lateral movement. The attacker's goal was domain compromise; segmentation buys defenders critical response time.

📊 Monitor for CyberStrikeAI Indicators
Block the known IOC IP 212.11.64[.]250 and search historical logs for it. Watch for hosts that present CyberStrikeAI service banners on port 8080 and, in NetFlow, for sources that sweep 443, 8443, 10443, and 4443 across your address space. Alert on bursts of failed admin logins from a single source.

🔐 Credential Hygiene
Use strong, unique passwords on all management interfaces. Audit for password reuse between FortiGate configs and internal accounts; the attacker explicitly exploited this.
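The first two defenses and the credential-hygiene point can be checked mechanically against a FortiGate configuration backup. The script below is an added example, not code from the article, from Fortinet, or from CyberStrikeAI: it parses the plain-text config/edit/set/next/end format that FortiOS backups use and reports management protocols allowed on a WAN-role interface, administrator accounts without a trusthost restriction, and accounts without two-factor authentication, each with the corrective CLI line. The sample configuration is constructed (fictional interfaces, admins and addresses), and the 10.10.0.0/24 management subnet in the recommendations is an assumption.

```python
"""Audit a FortiGate config export for the hygiene gaps the campaign abused.

Added example; not from the article, Fortinet, or CyberStrikeAI. Reads the
'config / edit / set / next / end' text format of FortiOS backups. SAMPLE_CONFIG
is CONSTRUCTED; the 10.10.0.0/24 management subnet is an assumed value.
"""
import shlex

MGMT_PROTOCOLS = {"http", "https", "ssh", "telnet", "snmp"}

def parse_config(text: str) -> dict:
    """Parse FortiOS-style config text into nested dicts: block -> entry -> setting -> values."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        word, _, rest = line.partition(" ")
        if word in ("config", "edit"):              # open a nested block
            node = stack[-1].setdefault(rest.strip().strip('"'), {})
            stack.append(node)
        elif word in ("next", "end"):               # close the current block
            stack.pop()
        elif word == "set":
            name, _, values = rest.partition(" ")
            stack[-1][name] = shlex.split(values)   # handles quoted values
        elif word == "unset":
            stack[-1].pop(rest.strip(), None)
    return stack[0]

def audit(cfg: dict) -> list:
    """Return (severity, where, problem, recommended CLI line) findings."""
    findings = []
    for name, iface in cfg.get("system interface", {}).items():
        exposed = sorted(MGMT_PROTOCOLS & set(iface.get("allowaccess", [])))
        if iface.get("role", [""])[0] == "wan" and exposed:
            keep = [p for p in iface["allowaccess"] if p not in MGMT_PROTOCOLS]
            findings.append(("critical", f"interface {name}",
                             f"management protocols {exposed} reachable on a WAN interface",
                             "set allowaccess " + " ".join(keep) if keep else "unset allowaccess"))
    for name, adm in cfg.get("system admin", {}).items():
        if not any(k.startswith("trusthost") for k in adm):
            findings.append(("high", f"admin {name}",
                             "no trusthost restriction: logins accepted from any source address",
                             "set trusthost1 10.10.0.0 255.255.255.0"))   # assumed mgmt subnet
        if adm.get("two-factor", ["disable"])[0] == "disable":
            findings.append(("high", f"admin {name}",
                             "single-factor authentication",
                             "set two-factor fortitoken"))
    return findings

# CONSTRUCTED sample: one exposed WAN interface, one weak admin, one hardened admin.
SAMPLE_CONFIG = """
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
        set role wan
    next
    edit "internal"
        set ip 10.10.0.1 255.255.255.0
        set allowaccess ping https ssh
        set role lan
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "secops"
        set accprofile "super_admin"
        set vdom "root"
        set trusthost1 10.10.0.0 255.255.255.0
        set two-factor fortitoken
    next
end
"""

if __name__ == "__main__":
    for severity, where, problem, fix in audit(parse_config(SAMPLE_CONFIG)):
        print(f"[{severity.upper()}] {where}: {problem}\n    fix: {fix}")
```

On the sample this reports wan1 (HTTPS and SSH admin access on a WAN interface) and the default admin account (no trusthost, no two-factor); the secops account and the LAN interface pass. Note that a passing trusthost check only restricts where logins may come from; it does not replace MFA, because the campaign's attacker was using valid, reused passwords rather than exploiting the device.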
❓ Frequently Asked Questions
Was my FortiGate device affected by the CyberStrikeAI campaign?
If your FortiGate management interface was exposed to the internet with single-factor authentication between January 11 and February 18, 2026, you may have been targeted. Amazon's threat intelligence team identified over 600 compromised devices across 55 countries. Check your FortiGate logs for connections from the known IOC IP address 212.11.64[.]250, and audit for unexpected administrator accounts, credential changes, or Active Directory modifications. Only one operator address has been published, while Team Cymru observed 21 hosts running the tool, so the absence of that IP in your logs does not rule out compromise. If compromised, treat all domain credentials as exposed and initiate an incident response process.
Is CyberStrikeAI still available on GitHub?
As of the March 2026 disclosures, the tool had been publicly available on GitHub. However, given that it’s open-source, mirrors and copies are likely distributed across multiple platforms even if the original repository is removed. Security researchers have documented its complete architecture, which means the underlying techniques are now broadly known in the threat actor community. Organizations should treat this class of AI-native attack tooling as a persistent and growing threat regardless of any individual repository’s availability.
How was Anthropic Claude used in the attack?
According to analysis by independent researchers Cyber and Ramen, Claude was configured via a Claude Code configuration file that pre-approved it to autonomously run offensive tools including Impacket, Metasploit, and Hashcat using hardcoded domain credentials. In this configuration, Claude was not providing advice — it was actively executing exploitation commands on victim systems. Anthropic has not commented publicly on the specific campaign but has general policies against misuse of its models for harmful purposes.
Is the developer Ed1s0nZ a Chinese government operative?
Researchers at Team Cymru assess that Ed1s0nZ “has some ties to the Chinese government” based on documented connections to organizations linked to China’s Ministry of State Security (MSS). However, it’s important to note that the primary FortiGate campaign operator was assessed as a Russian-speaking, financially motivated threat actor — not a Chinese state-sponsored group. CyberStrikeAI, as an open-source tool, is available to any actor regardless of nationality. The developer-government relationship is a concern, but attribution of the specific attacks is separate from the tool’s origin.

🔐 CyberStrikeAI — Key Takeaways

1. 600+ firewalls, 55 countries, 5 weeks: one of the best-documented AI-assisted cyberattack campaigns to date, likely run by a single operator
2. No zero-days needed: the entire campaign exploited basic hygiene failures, exposed management ports and weak passwords
3. AI as an attack multiplier: CyberStrikeAI didn't create new vulnerabilities; it removed the human bottleneck limiting attack scale
4. Commercial AI weaponized: DeepSeek for attack planning, Claude for autonomous tool execution, the same AI services businesses use, turned against them
5. The fix is basic hygiene: MFA, disabled public management interfaces, and credential hygiene would have stopped this campaign entirely
6. This is the new normal: Team Cymru warns that AI-native attack tools will lower the skill barrier for complex network exploitation, and adoption will accelerate
