Hackers are increasingly turning to LLMs and other AI tools to refine the tactics, techniques and procedures (TTPs) used in their campaigns, new reports warn.
A new research paper published by Microsoft in collaboration with OpenAI has revealed how threat actors are using the latest technical innovations to keep defenders on their toes.
Microsoft and OpenAI have detected and disrupted attacks from threat actors backed by Russia, North Korea, Iran, and China who have been using LLMs to hone their hacking playbooks.
AI improves hackers' advantage
State-backed hackers have been abusing built-in language support to hone their attacks on foreign adversaries and to make their social engineering campaigns appear more legitimate. They may use this language processing to establish seemingly legitimate professional relationships with their victims.
Google also says it has observed hackers conducting intelligence gathering with LLMs, collecting information about the industries and locations where their victims live and work, as well as learning more about their personal relationships.
In one example, Microsoft and OpenAI observed that the Forest Blizzard group, linked to the Russian GRU unit 26165, used LLMs to collect very specific details about how satellites operate and communicate. The group has also been observed using AI to hone its programming capabilities, likely to automate or increase the efficiency of its technical operations.
The North Korea-linked group Emerald Sleet has been observed using LLMs to learn how to exploit publicly reported critical software vulnerabilities, to generate content for use in phishing campaigns, and to identify organizations collecting information on North Korea's nuclear and defense capabilities.
In all of these cases, Microsoft and OpenAI identified and disabled the accounts used by these threat actors, with Microsoft stating: “Artificial intelligence technologies will continue to evolve and be studied by various threat actors.
“Microsoft will continue to track threat actors and malicious activity that misuse LLMs, and will work with OpenAI and other partners to share intelligence, improve customer protection, and assist the broader security community.”