Microsoft Says Foreign Adversaries Are Using Generative AI For Cyberattacks

(RTTNews) - Microsoft Co. (MSFT) and OpenAI recently disclosed that cybercriminals are utilizing large language models like ChatGPT to refine and enhance their cyberattacks.

In a newly released report, Microsoft and OpenAI identified Russian, North Korean, Iranian, and Chinese-backed groups using tools such as ChatGPT to research targets, refine scripts, and develop social engineering tactics.

These tech giants identified four specific groups leveraging large language models in their hacking operations: Forest Blizzard from Russia (also known as Strontium), Emerald Sheet from North Korea (also known as Thallium), Crimson Sandstorm from Iran (also known as Curium), and Charcoal Typhoon from China (also known as Chromium) and Sodium Typhoon from China (also known as Sodium).

According to the findings, Russian hackers are employing large language models for reconnaissance and scripting techniques to gain detailed knowledge of satellite capabilities and potentially automate technical operations.

North Korea's Emerald Sheet is using this technology for vulnerability research, enhanced scripting techniques, and reconnaissance to learn more about organizations such as think tanks involved in North Korea's nuclear weapons program.

Crimson Sandstorm from Iran used the technology to create various phishing emails, disable antivirus software through registry or Windows policies, and delete files in directories after closing an application.

On the other hand, China's Charcoal Typhoon and Salmon Typhoon have utilized large language models for translations, communication, and potential code development with malicious intent, likely to establish connections, manipulate targets, and communicate.

Microsoft reported taking action by disabling the accounts and assets of these groups and mentioned that they have not detected any significant attacks utilizing large language models that they monitor. The software giant is also revamping its software security measures following recent major Azure cloud attacks and instances of Russian hackers spying on Microsoft executives.