Published on February 14, 2024, 8:13 am

State-Linked Threat Actors Employ Generative AI In Cyberattacks: Microsoft And OpenAI Report

Microsoft and OpenAI have released a threat report detailing how state-linked threat actors are using generative AI to enhance their attack methods. The report reveals that Russian, North Korean, Iranian, and Chinese-backed groups are attempting to use generative AI to inform, enhance, and refine their attacks.

The research conducted by Microsoft and OpenAI aims to ensure that AI technologies like ChatGPT are being used safely and responsibly while mitigating potential misuse. The report highlights several adversaries believed to be state-backed groups that are implementing AI tools in their tactics, techniques, and procedures (TTPs).

One of these threat actors is Forest Blizzard, also known as Strontium, which has links to a specific unit of the Russian military intelligence agency GRU. This group has targeted various sectors including defense, transportation/logistics, government, energy, NGOs, and information technology. The group performs LLM-informed reconnaissance, using generative AI to understand satellite communication protocols and radar imaging tools in order to gain insights on potential targets.

Another threat actor mentioned in the report is Crimson Sandstorm, believed to be an Iranian threat actor linked to the Islamic Revolutionary Guard Corps (IRGC). This group has been active since at least 2017 and targets defense, maritime shipping, transportation, healthcare systems, and technology systems. Their attacks often rely on watering hole attacks and social engineering techniques. They have also been observed using LLMs to produce code aimed at disabling antivirus systems and deleting files to evade anomaly detection.

The report also notes two Chinese state-affiliated groups starting to use AI technologies for their operations. Charcoal Typhoon targets sectors such as government, higher education, communications infrastructure, the oil & gas industry, and information technology, with a focus on organizations in Taiwan, Thailand, Mongolia, Malaysia, France, and Nepal. Salmon Typhoon, on the other hand, has launched attacks against the US defense sector, including contractors, government agencies, and cryptographic organizations involved in the technology sector.

It is worth mentioning that these threat actors are exploring the use of generative AI in their attacks, and Microsoft’s report provides valuable insights into their tactics. The findings from this report highlight the increasing importance of addressing the potential risks associated with the use of AI in cyberattacks.

The threat landscape is constantly evolving, and it is crucial for cybersecurity professionals and organizations to stay updated on the latest trends and techniques employed by threat actors. By understanding how adversaries are using generative AI, cybersecurity experts can develop strategies to defend against these sophisticated attacks.

It is clear that as the capabilities of AI continue to advance, both defenders and attackers will leverage this technology to gain an edge. Therefore, it is imperative for researchers and industry experts to collaborate in order to develop robust defenses against AI-enhanced cyber threats. This collaboration will help ensure that AI technologies are used responsibly and ethically while safeguarding individuals, organizations, and critical infrastructure from malicious actors.

