Microsoft and OpenAI are revealing today that hackers are already using large language models like ChatGPT to refine and improve their existing cyberattacks. In newly published research, Microsoft and OpenAI have detected attempts by Russian, North Korean, Iranian, and Chinese-backed groups to use tools like ChatGPT for research into targets, to improve scripts, and to help build social engineering techniques.

“Cybercrime groups, nation-state threat actors, and other adversaries are exploring and testing different AI technologies as they emerge, in an attempt to understand potential value to their operations and the security controls they may need to circumvent,” says Microsoft in a blog post today.

The Strontium group, linked to Russian military intelligence, has been found to be using LLMs “to understand satellite communication protocols, radar imaging technologies, and specific technical parameters.” The hacking group, also known as APT28 or Fancy Bear, has been active during the Russia-Ukraine war and was previously involved in targeting Hillary Clinton’s presidential campaign in 2016. The group has also been using LLMs to help with “basic scripting tasks, including file manipulation, data selection, regular expressions, and multiprocessing, to potentially automate or optimize technical operations,” according to Microsoft.

A North Korean hacking group, known as Thallium, has been using LLMs to research publicly reported vulnerabilities and target organizations, to aid in basic scripting tasks, and to draft content for phishing campaigns. Microsoft says the Iranian group known as Curium has also been using LLMs to generate phishing emails and even code for avoiding detection by antivirus applications.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.