Cybersecurity

Cyber: Open-source Cyberstrikeai Deployed In Ai-driven Fortigate Attacks...

2026-03-03 0 views admin
Cyber: Open-source Cyberstrikeai Deployed In Ai-driven Fortigate Attacks...

The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks.

The new findings come from Team Cymru, which detected its use following an analysis of the IP address ("212.11.64[.]250") that was used by the suspected Russian-speaking threat actor to conduct automated mass scanning for vulnerable appliances.

CyberStrikeAI is an "open-source artificial intelligence (AI) offensive security tool (OST) developed by a China-based developer who we assess has some ties to the Chinese government," security researcher Will Thomas (aka @BushidoToken) said.

Details of the AI-powered activity came to light last month when Amazon Threat Intelligence said it detected the unknown attacker systematically targeting FortiGate devices using generative artificial intelligence (AI) services like Anthropic Claude and DeepSeek, compromising over 600 appliances in 55 countries.

According to the description in its GitHub repository, CyberStrikeAI is built in Go and integrates more than 100 security tools to enable vulnerability discovery, attack-chain analysis, knowledge retrieval, and result visualization. It's maintained by a Chinese developer who goes by the online alias Ed1s0nZ.

Team Cymru said it observed 21 unique IP addresses running CyberStrikeAI between January 20 and February 26, 2026, with servers primarily hosted in China, Singapore, and Hong Kong. Additional servers related to the tool have been detected in the U.S., Japan, and Switzerland.

The Ed1s0nZ account, besides hosting CyberStrikeAI, has published several other tools that demonstrate their interest in exploitation and jailbreaking AI models -

"Further, Ed1s0nZ's GitHub activities indicate they interact with organisations that support potentially Chinese government state-sponsored cyber operations," Thomas said. "This includes Chinese private sector firms that have known ties to the Chinese Ministry of State Security (MSS)."

One such company the developer has interacted with is Knownsec 404, a Chinese security vendor that suffered a major leak of more than 12,000 internal documents late last year, exposing the firm's employee data, government clientele, hacking tools, large volumes of stolen data such as South Korean call logs and information related to Taiwan's critical infrastructure organizations, and the inner workings of ongo

Source: The Hacker News

🏷️ Tags

securityhackvulnerabilityattackthreat

More from Cybersecurity

Cyber: Speakeasies To Shadow Ai: Banning AI Browsers Will Fail 2026

Cyber: Speakeasies To Shadow Ai: Banning AI Browsers Will Fail 2026

2026-03-03 0
Cyber: Fake Tech Support Spam Deploys Customized Havoc C2 Across...

Cyber: Fake Tech Support Spam Deploys Customized Havoc C2 Across...

2026-03-03 0
Cyber: Google Chrome Shifts To Two-week Release Cycle For Increased Stability

Cyber: Google Chrome Shifts To Two-week Release Cycle For Increased Stability

2026-03-03 0
Cyber: Lexisnexis Confirms Data Breach As Hackers Leak Stolen Files

Cyber: Lexisnexis Confirms Data Breach As Hackers Leak Stolen Files

2026-03-03 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views