Cyberterrorists have now added large language models to their arsenals

Researchers from Microsoft and OpenAI have released a report detailing how threat actors have leveraged Large Language Models (LLMs) and other AI tools to increase the scale, sophistication and speed of offensive cyber operations. LLMs are the same technology that powers OpenAI’s ChatGPT or Microsoft’s Copilot, and can be described as autocomplete on steroids. The malicious actors are using LLMs as another productivity tool in the landscape, with the researchers not observing any particularly novel or unique attack that employs AI. Microsoft, which has a close association with OpenAI, has released the report to ensure the safe and responsible use of emerging AI technologies, such as ChatGPT.

The threat actors tracked include Crimson Sandstorm, an Iranian hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) that has been active since at least 2017; Charcoal Typhoon and Salmon Typhoon, two state-backed Chinese threat actors; Emerald Sleet, a threat actor associated with North Korea; and Forest Blizzard, a threat actor believed to be linked with Russia. These threat actors were using the services of OpenAI for querying open-source information, translating and finding errors in code, and performing basic coding tasks. The security researchers from Microsoft and OpenAI have indicated that they have taken active steps to disrupt the activities of the threat actors.

Charcoal Typhoon, one of the Chinese threat actors, used LLMs to create content for use in phishing campaigns, conduct research on a number of companies, evaluate cybersecurity tools, debug code and generate scripts. Salmon Typhoon, another Chinese threat actor, used OpenAI services to translate technical papers, investigate intelligence agencies, and examine the common methods for hiding processes on systems. Crimson Sandstorm also used AI for generating content for spear-phishing campaigns and for evading detection of malware, apart from augmenting scripts for app and web development.

Emerald Sleet used the tech to better understand well-known vulnerabilities, to produce content for spear-phishing campaigns, and for scripting support. Forest Blizzard used the services for probing open-source research on satellite communication protocols and radar imaging technology, as well as for support with scripting tasks. Interested readers can find out more in the blog posts by Microsoft and OpenAI.
