How do hackers use AI in their cyberattacks?

Hackers linked to Russia, North Korea, Iran, and China are using artificial intelligence (AI) and large language models (LLMs) to enhance their cyberattack operations.

Microsoft and OpenAI disrupted the efforts of five state-affiliated actors by terminating their assets and accounts. According to Microsoft, LLMs provide language support that is attractive to threat actors engaged in social engineering and deceptive communications. While no significant attacks using LLMs have been detected, adversarial exploration of AI technologies has progressed across various stages of the attack chain.

For example, the Russian group Forest Blizzard (aka APT28) used LLMs for open-source research on satellite communication protocols and radar imaging technology. Other notable hacking crews, including Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon, also used LLMs for different purposes.

Microsoft is also formulating a set of principles to mitigate the risks associated with the malicious use of AI and APIs by sophisticated persistent nation-state threats (APTs), pre-existing persistent actors (APMs), and cybercriminal organizations, with the goal of effective detection and protection. The aim is also to establish effective security and protection mechanisms for the company's models.

These principles include identification and action against malicious actors, collaboration with stakeholders, and transparency.