Cybercriminals utilize AI to automate and tailor digital assaults for specific targets
In a concerning development, government-backed hacking groups are leveraging artificial intelligence (AI) to bolster their cyberattacks, according to CrowdStrike's annual threat hunting report.
The North Korea-linked hacker team "Famous Chollima" (also tracked as UNC5267) has maintained an operational tempo of more than 320 intrusions in a year, demonstrating the effectiveness of AI in automating and optimising workflows at every stage of their operations. This includes drafting resumes, managing job applications, and concealing identities during video interviews [1].
Famous Chollima is known for masterminding North Korea's remote IT-worker fraud schemes, which funnel stolen money to Pyongyang and sometimes lead to the theft of victim businesses' confidential data.
Another group, referred to as "Reconnaissance Spider," almost certainly used AI to translate one of its phishing lures into Ukrainian, highlighting the potential for AI to personalise social engineering and create more convincing phishing campaigns [1].
The Iran-linked hacking team Charming Kitten likely used AI to generate messages as part of a 2024 phishing campaign against U.S. and European organisations. This incident underscores the threat posed by AI to the security of these organisations [1].
The use of AI by hackers poses a significant challenge as it allows them to bypass traditional technical and social barriers with AI-generated content and tactics [1]. Hackers are also using organisations' AI tools as initial access vectors to execute diverse post-exploitation operations.
As businesses race to incorporate AI into their workflows, hackers are following suit to exploit this technology. According to the report, cybercriminals are also using AI to automate tasks and improve their tools, making attacks faster and more effective [1].
The report suggests that as organisations continue adopting AI tools, the attack surface will continue expanding, and trusted AI tools will emerge as the next insider threat. In the case of "Reconnaissance Spider," the attackers forgot to remove the AI model's boilerplate prompt-response sentence from the text they copied [1].
The use of AI by hackers poses a significant threat to the security of U.S. and European organisations, as demonstrated by the actions of the Charming Kitten and Reconnaissance Spider groups. CrowdStrike's annual threat hunting report provides valuable insights into the ways AI is being utilised by cyber threat actors, underscoring the need for organisations to stay vigilant and implement robust AI security measures.
[1] CrowdStrike's annual threat hunting report
In a related development, a vulnerability in Langflow's AI workflow development tool was exploited by hackers in April, allowing them to burrow into networks, commandeer user accounts, and deploy malware.
In conclusion, the integration of AI into cyberattacks has the potential to significantly increase the scale and speed of attacks, personalise social engineering, and evade detection. Organisations must prioritise the implementation of robust AI security measures to protect against these threats.
- The integration of artificial intelligence (AI) in hacking activities, as shown by groups like Famous Chollima and Reconnaissance Spider, is making cyberattacks faster, more effective, and capable of personalizing social engineering through AI-generated content and tactics, which poses a significant challenge to cybersecurity.
- The use of AI by hackers not only allows them to bypass traditional technical and social barriers, but also enables them to exploit organizations' AI tools as initial access vectors for post-exploitation operations, which can lead to data breaches and malware infiltration, as illustrated by the vulnerability in Langflow's AI workflow development tool.
- Organizations need to prioritize the implementation of robust AI security measures in response to the growing threat posed by AI-empowered cyberattacks, including phishing campaigns, automation of tasks, and optimized workflows at every stage of an operation, as advocated by CrowdStrike's annual threat hunting report.