Hackers abusing AI at every stage of cyberattacks
Publish Date: 2026-03-07 10:15:00
Source Domain: www.bleepingcomputer.com
- Escalation of Cyber Threats via AI: Microsoft's Threat Intelligence has highlighted the growing use of artificial intelligence (AI) by cyberattackers to streamline their operations, including tasks like reconnaissance, phishing, malware creation, and post-compromise activities.
- Generative AI in Phishing and Malicious Scripts: Threat actors use AI tools primarily for drafting phishing emails, translating content, summarizing stolen data, debugging malware, and scripting or configuring attack infrastructure, which lowers the technical barriers for such activities.
- Real-World Applications by North Korean Groups: Specific threat groups like Jasper Sleet (Storm-0287) and Coral Sleet (Storm-1877) are using generative AI to create realistic digital identities, resumes, and fake company sites to execute IT worker schemes and maintain access within Western companies.
- Malware Development and Infrastructure Creation: AI coding tools are being employed to generate and refine malicious code and troubleshoot errors, with some evidence of AI-enabled malware dynamically modifying scripts or behavior.
- Threat Actors Bypass AI Safeguards: When traditional AI safeguards attempt to prevent malicious use, threat actors employ techniques like jailbreaking to trick AI models into generating harmful code or content.
- Shift in Threat Actor Strategies: While AI-assisted autonomy in hacking remains limited, threat actors are experimenting with agentic AI. Defenders should focus on detecting abnormal credential use and enhancing security for AI systems.
- Collaborative Findings Across Tech Giants: Microsoft's observations align with reports from Google, Amazon, and the Cyber and Ramen blog about threat actors leveraging generative AI across different phases of cyber operations.