Pulse: AI-augmented threat actor accesses FortiGate devices at scale
TLP: WHITE | Author: AlienVault | Created: 2026-04-21 | Modified: 2026-04-22 | IOCs: 5 (low volume)
A Russian-speaking, financially motivated threat actor used multiple commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries between January and February 2026. The campaign exploited exposed management ports and weak credentials protected only by single-factor authentication, not software vulnerabilities. The actor used AI throughout every operational phase, including tool development, attack planning, and reconnaissance automation, reaching a scale that previously required larger, more skilled teams. Post-exploitation activity included Active Directory compromise, credential harvesting, and targeting of backup infrastructure, consistent with pre-ransomware operations. Despite limited technical capability, the actor extracted complete credential databases from multiple organizations; against hardened environments the attempts failed, and the actor moved on to softer targets.
Indicators of Compromise (5)

TYPE   INDICATOR         DESCRIPTION   CREATED
IPv4   185.196.11.225                  2026-04-21
CVE    CVE-2019-7192                   2026-04-21
CVE    CVE-2023-27532                  2026-04-21
CVE    CVE-2024-40711                  2026-04-21
IPv4   212.11.64.250                   2026-04-21