According to an investigation by Microsoft and OpenAI, hackers use large language models (LLM) to conduct research, write attack scripts or phishing emails.
“Cybercriminal groups are researching and testing different AI technologies as they emerge, trying to understand the potential value to their operations and the security controls they may need to bypass,” Microsoft said in a blog post.
The report mentions cyber groups supported by Russia, North Korea, Iran and China.
Strontium hackers linked to Russian military intelligence have now been identified as using a large language model to understand satellite communication protocols, radar imaging technologies, and specific technical parameters.
The group, also known as APT28 or Fancy Bear, was active during the Russian-Ukrainian war and was involved in attacks on Hillary Clinton’s 2016 presidential campaign. According to Microsoft, hackers also use LLM to help with “basic scripting tasks, including file manipulation, data selection, regular expressions, and multiprocessing to potentially automate or optimize technical operations.”
A North Korean hacking group known as Thallium uses LLM to study publicly known vulnerabilities and target organizations, to help with basic scripting tasks, and to develop content for phishing campaigns.
An Iranian group known as Curium also uses large language patterns to create phishing emails and even code to avoid detection by anti-virus programs. Chinese government hackers also use LLMs for research, scripting, translations, and improvements to existing tools.
While the use of artificial intelligence in cyberattacks appears to be limited at the moment, Microsoft warns of the potential for it to be used for voice impersonation.
“Voice synthesis is an example of how a 3-second sample can reproduce the sound of anyone,” says Microsoft. “Even something as innocent as your voicemail welcome note can be used.”
Microsoft is now building Security Copilot, a new artificial intelligence assistant designed for cybersecurity professionals to help detect breaches and better understand the vast amount of signals and data generated by cybersecurity tools every day.
Russian hackers hacked Microsoft thanks to weak corporate network security
Join the competition of ITS authors! Win cool prizes from our Logitech partners – professional gaming steering wheel and low-profile gaming keyboards.
