December 22, 2024
Hacking groups funded by foreign actors and adversaries of the United States are increasingly using artificial intelligence to improve their odds of successful cyberattacks, according to analysis from some of the leading technology companies. Microsoft and OpenAI released a report on Wednesday detailing how hackers from China, Iran, North Korea, and Russia are using large-language […]

Hacking groups funded by foreign actors and adversaries of the United States are increasingly using artificial intelligence to improve their odds of successful cyberattacks, according to analysis from some of the leading technology companies.

Microsoft and OpenAI released a report on Wednesday detailing how hackers from China, Iran, North Korea, and Russia are using large-language models to seek vulnerabilities in the software and security practices used by the U.S. government. The hackers are also using the technology to create “scripts” that can identify ways to break into government infrastructure that they can then use to steal valuable data and disrupt operations.

“Cybercrime groups, nation-state threat actors, and other adversaries are exploring and testing different AI technologies as they emerge, in an attempt to understand potential value to their operations and the security controls they may need to circumvent,” the two companies said in their report.

The report listed five groups using LLMs to empower their hacking efforts: Russia’s Forest Blizzard, North Korea’s Emerald Sleet, Iran’s Crimson Sandstorm, and China’s Charcoal Typhoon and Salmon Typhoon.

The Russian hackers are using LLMs to scour satellite communications and radar technologies for vulnerabilities. North Korea is using the technology to fine-tune its social engineering for phishing scams and to seek vulnerabilities in public software. Iran’s hackers are using AI to improve their phishing attempts and their attacks on human rights agencies. Finally, China is using it to analyze the software used by government agencies for vulnerabilities and to spy on global intelligence agencies and defense contractors.

CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER

Microsoft said it disabled the known assets of these government entities and has not seen any “significant attacks” that used the LLMs they were monitoring.

The software giant has kept an eye on an assortment of cybersecurity attacks in recent years but has also been a target for hackers. This includes Russian hackers from Forest Blizzard gaining access to Microsoft executives’ accounts in January and stealing various emails and documents.

Leave a Reply