Microsoft warns that cyberattacks are already utilizing generative AI technology

Microsoft Threat Intelligence, in collaboration with artificial intelligence company OpenAI, said in a report released on February 14 that large language models (LLMs) like ChatGPT could be used by hackers to improve their existing techniques. The two American companies have spotted attempts by hacker groups backed by different countries, such as Russia, North Korea, Iran and China.

Used to decipher satellite communications protocols


“Cybercriminal groups, nation-state threat actors and other adversaries are exploring and testing different AI technologies (…) to understand their value to their operations, and the security controls they may need to circumvent,” the report summarizes. Hackers can thus use AI to simplify basic scripting tasks, such as file manipulation, data selection, and multiprocessing, to “optimize their technical operations”.


Microsoft and OpenAI have, for example, discovered that the Forest Blizzard (Strontium) group, linked to Russian intelligence, interacts with LLMs to understand satellite communication protocols and radar imaging technologies. Also known as APT28 or Fancy Bear, this group has been involved in certain hacks since the start of the war in Ukraine, and during the 2016 US presidential election.

Generating phishing emails and snippets

Emerald Street, or Thallium, has also been identified as using LLMs to target organizations and search for publicly reported vulnerabilities. Microsoft observed this group of North Korean hackers impersonating academic institutions and NGOs, using spear phishing to influence opinions expressed on North Korean foreign policy.

Curium, a hacker group believed to be linked to the Islamic Revolutionary Guard Corps, also used LLMs to generate various phishing emails and code snippets, and to get help evading security controls. Finally, the report denounces the actions of two groups affiliated with the Chinese state, Crimson Sandstorm and Charcoal Typhoon.

The report clarifies that Microsoft and OpenAI have not yet spotted “significant attacks” using LLMs, and that accounts associated with these hacker groups have been closed. In December 2023, the tech giant said that the Forest Blizzard group continued to exploit a security flaw in Outlook, leading to the theft of credentials. A flaw discovered… nine months earlier.
