Russia, China, and other adversaries of the United States are leveraging the latest advancements in artificial intelligence tools to enhance their hacking capabilities and identify fresh targets for online espionage, as per a report published by Microsoft and its close partner OpenAI on Wednesday.
While individuals across various sectors have been utilizing large language models (LLMs) to aid in programming tasks, translate phishing emails, and devise attack strategies, this recent report marks the first instance of linking elite government hacking units with specific applications of LLM technology. It also delves into countermeasures, amidst an ongoing discourse regarding the potential risks associated with the rapid evolution of this technology and the global efforts to regulate its usage.
The report attributes diverse AI applications to two Chinese government-linked hacking entities, as well as one each from Russia, Iran, and North Korea, which are the primary countries of concern for Western cybersecurity experts.
In response to these developments, tech industry leaders are intensifying their efforts to bolster cloud security, spurred by pressure from the U.S. government.
According to Microsoft, cybercriminal groups, state-sponsored threat actors, and other adversaries are actively exploring various AI tools to gauge their operational value and identify potential security loopholes to exploit. Microsoft has taken action by restricting the groups’ access to tools based on OpenAI’s ChatGPT and plans to inform the developers of other tools being misused while sharing insights on the techniques employed by different groups.
Although Microsoft has not detected any significant AI-driven attacks thus far, it has observed preliminary research on specific security vulnerabilities, defense mechanisms, and possible targets.
Sherrod DeGrippo, Microsoft’s director of threat intelligence strategy, emphasized the company’s commitment to impeding threat actors from launching malicious campaigns and acknowledged the ongoing challenge of staying ahead of evolving tactics.
The report highlights several state-sponsored hacking groups and their AI-related activities:
- A prominent Russian team affiliated with the military intelligence agency GRU utilized AI to explore satellite and radar technologies relevant to conventional warfare strategies in Ukraine.
- North Korean hackers leveraged AI to study experts on the country’s military capabilities and investigate publicly disclosed vulnerabilities, including one in Microsoft’s support tools from 2022.
- An Iranian Islamic Revolutionary Guard Corps unit turned to AI for assistance in devising electronic deception tactics and evading detection.
- One Chinese government entity delved into using AI for program and content creation, while another Chinese group assessed the efficacy of LLMs in gathering intelligence on sensitive subjects, prominent individuals, regional geopolitics, U.S. influence, and domestic affairs, as outlined by Microsoft.
