Ethical Hacking News
Recent research has highlighted the growing threat of AI-assisted cyber attacks, with a suspected Russian-speaking threat actor deploying an open-source AI-native security testing platform called CyberStrikeAI to execute attacks on Fortinet FortiGate appliances across 55 countries. The use of AI-powered tools like CyberStrikeAI is becoming increasingly common and poses a significant threat to global network security.
The deployment of CyberStrikeAI by a suspected Russian-speaking threat actor illustrates the growing sophistication and capability of threat actors in AI-assisted cyber attacks. CyberStrikeAI is an open-source AI-native security testing platform that integrates over 100 security tools to enable vulnerability discovery, attack-chain analysis, and result visualization. It is maintained by Ed1s0nZ, a China-based developer who also hosts other AI-related tools. China maintains two separate vulnerability databases, CNNVD and CNVD, overseen by the Ministry of State Security and CNCERT respectively. The adoption of CyberStrikeAI is poised to accelerate, representing a concerning evolution in the proliferation of AI-augmented offensive security tools. The threat actor behind these attacks has compromised over 600 FortiGate devices in 55 countries.
The threat landscape has seen a significant shift in recent times, with the emergence of artificial intelligence (AI)-assisted cyber attacks becoming increasingly common. The most recent example of this trend is the deployment of an open-source AI-native security testing platform called CyberStrikeAI by a suspected Russian-speaking threat actor to execute attacks on Fortinet FortiGate appliances across 55 countries.
According to Team Cymru, an IP address ("212.11.64[.]250") associated with the attacker was used for automated mass scanning of vulnerable appliances. The use of CyberStrikeAI in these attacks highlights the growing sophistication and capability of threat actors, who are now leveraging AI-powered tools to conduct increasingly complex and targeted attacks.
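The single indicator the report gives, the scanning source 212.11.64[.]250, is the kind of value a defender would immediately match against perimeter logs. The following is an added example, not code from the article or from Team Cymru or Fortinet: it refangs the defanged indicator, parses constructed FortiGate-style key=value traffic log lines (the log lines, device name, and addresses are made up for illustration), reports hits against the indicator, and separately flags any source that probes several distinct destination ports, which is the mass-scanning behaviour the report describes. The field names (srcip, dstport, action) follow the FortiGate traffic-log convention; everything else is an assumption of this example.

```python
import re
from collections import defaultdict

# Indicator from the report, kept in the defanged form the article uses.
IOC_DEFANGED = {"212.11.64[.]250"}

# Constructed FortiGate-style traffic log lines (not real captures).
SAMPLE_LOGS = [
    'date=2026-03-02 time=09:12:01 devname="fgt-edge" type="traffic" subtype="forward" srcip=212.11.64.250 srcport=41022 dstip=203.0.113.10 dstport=443 action="deny"',
    'date=2026-03-02 time=09:12:02 devname="fgt-edge" type="traffic" subtype="forward" srcip=212.11.64.250 srcport=41023 dstip=203.0.113.10 dstport=10443 action="deny"',
    'date=2026-03-02 time=09:12:02 devname="fgt-edge" type="traffic" subtype="forward" srcip=212.11.64.250 srcport=41024 dstip=203.0.113.10 dstport=8443 action="deny"',
    'date=2026-03-02 time=09:12:03 devname="fgt-edge" type="traffic" subtype="forward" srcip=212.11.64.250 srcport=41025 dstip=203.0.113.10 dstport=22 action="deny"',
    'date=2026-03-02 time=09:13:10 devname="fgt-edge" type="traffic" subtype="forward" srcip=198.51.100.7 srcport=50000 dstip=203.0.113.10 dstport=443 action="accept"',
    'date=2026-03-02 time=09:13:11 devname="fgt-edge" type="traffic" subtype="forward" srcip=198.51.100.7 srcport=50001 dstip=203.0.113.10 dstport=443 action="accept"',
    'date=2026-03-02 time=09:14:00 devname="fgt-edge" type="traffic" subtype="forward" srcip=192.0.2.55 srcport=60000 dstip=203.0.113.10 dstport=443 action="deny"',
    'date=2026-03-02 time=09:14:00 devname="fgt-edge" type="traffic" subtype="forward" srcip=192.0.2.55 srcport=60001 dstip=203.0.113.10 dstport=80 action="deny"',
    'date=2026-03-02 time=09:14:01 devname="fgt-edge" type="traffic" subtype="forward" srcip=192.0.2.55 srcport=60002 dstip=203.0.113.10 dstport=8080 action="deny"',
]

# key=value pairs; values are either double-quoted (may contain spaces) or a bare token.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def refang(ioc):
    """Turn a defanged indicator such as 212.11.64[.]250 back into a matchable IP string."""
    return ioc.replace("[.]", ".").replace("(.)", ".")


def parse_line(line):
    """Parse one FortiGate key=value log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def analyze(lines, iocs=IOC_DEFANGED, port_threshold=3):
    """Return indicator hits per source and sources that probed >= port_threshold distinct ports.

    ioc_hits : {srcip: number of log lines from that indicator}
    scanners : {srcip: sorted list of distinct destination ports touched}
    """
    ioc_ips = {refang(i) for i in iocs}
    ports_by_src = defaultdict(set)
    ioc_hits = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        src = rec.get("srcip")
        if not src:
            continue  # not a traffic record with a source address
        if src in ioc_ips:
            ioc_hits[src] += 1
        if rec.get("dstport"):
            ports_by_src[src].add(rec["dstport"])
    scanners = {
        src: sorted(ports, key=int)
        for src, ports in ports_by_src.items()
        if len(ports) >= port_threshold
    }
    return {"ioc_hits": dict(ioc_hits), "scanners": scanners}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOGS)
    for src, count in result["ioc_hits"].items():
        print(f"IoC match: {src} seen in {count} log lines")
    for src, ports in result["scanners"].items():
        print(f"Port-sweep behaviour: {src} touched ports {', '.join(ports)}")
```

The two checks are deliberately independent: the indicator match catches the one address the report names, while the distinct-port heuristic catches the same behaviour from addresses the report does not name (here the constructed 192.0.2.55), which matters because mass-scanning infrastructure rotates. The threshold of three distinct ports is low for illustration; on a real perimeter it should be tuned per device and combined with a time window.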
CyberStrikeAI is an "open-source artificial intelligence (AI) offensive security tool (OST)" developed by a China-based developer who goes by the online alias Ed1s0nZ. The platform is built in Go and integrates more than 100 security tools to enable vulnerability discovery, attack-chain analysis, knowledge retrieval, and result visualization. Ed1s0nZ also hosts several other tools that demonstrate an interest in exploitation and in jailbreaking AI models.
One such tool is PrivHunterAI, a Golang-based tool that uses Kimi, DeepSeek, and GPT models to detect privilege escalation vulnerabilities. Another tool, ChatGPTJailbreak, contains a README.md file with prompts to jailbreak OpenAI ChatGPT by tricking it into entering a Do Anything Now (DAN) mode or asking it to act as ChatGPT with Developer Mode enabled.
The use of CyberStrikeAI in these attacks is not an isolated incident. According to research published by Bitsight last month, China maintains two different vulnerability databases: CNNVD and CNVD. While CNNVD is overseen by the Ministry of State Security, CNVD is controlled by CNCERT. Previous findings from Recorded Future have revealed that CNNVD takes longer to publish vulnerabilities with higher CVSS scores than vulnerabilities with lower ones.
The developer's recent attempt to scrub references to the CNNVD from their GitHub profile points to an active effort to obscure these state ties, likely to protect the tool's operational viability as its popularity grows. The adoption of CyberStrikeAI is poised to accelerate, representing a concerning evolution in the proliferation of AI-augmented offensive security tools.
Furthermore, Ed1s0nZ's GitHub activity indicates interaction with organisations that potentially support Chinese government state-sponsored cyber operations. One such company is Knownsec 404, a Chinese security vendor that suffered a major leak of more than 12,000 internal documents late last year. The leak exposed the firm's employee data, government clientele, and hacking tools; large volumes of stolen data, including South Korean call logs and information about Taiwan's critical infrastructure organizations; and the inner workings of ongoing cyber operations targeting other countries.
Ostensibly, Knownsec appeared to be just another security company, but this is only a half truth. In reality, it has a shadow organization that works for the PLA, the MSS, and the organs of the Chinese security state. The leak exposes a company that operates far beyond the role of a typical cybersecurity vendor. Tools like ZoomEye and the Critical Infrastructure Target Library give China a global reconnaissance system that catalogs millions of foreign IPs, domains, and organizations, mapped by sector, geography, and strategic value.
In conclusion, the deployment of CyberStrikeAI by a suspected Russian-speaking threat actor against Fortinet FortiGate appliances across 55 countries highlights the growing sophistication and capability of threat actors. The use of AI-powered tools like CyberStrikeAI is becoming increasingly common, and its adoption is poised to accelerate in the coming months.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Proliferation-of-AI-Assisted-Cyber-Attacks-A-Growing-Threat-to-Global-Network-Security-ehn.shtml
https://thehackernews.com/2026/03/open-source-cyberstrikeai-deployed-in.html
https://www.sepe.gr/en/it-technology/cybersecurity/22697222/open-source-cyberstrikeai-deployed-in-ai-driven-fortigate-attacks-across-55-countries/
Published: Tue Mar 3 10:16:47 2026 by llama3.2 3B Q4_K_M