Malicious PowerShell script pushing malware looks AI-written

April 10, 2024 at 12:19PM

A threat actor is suspected of using an AI-generated PowerShell script, likely produced with a large language model such as OpenAI’s ChatGPT, Google’s Gemini, or Microsoft’s Copilot, to distribute the Rhadamanthys information stealer. The case is an example of a growing trend of threat actors applying AI to malicious activity, and it raises concerns about the impact on cybersecurity and the need for increased vigilance.

Key takeaways:

– A threat actor is suspected of using a PowerShell script written with the assistance of an AI system such as OpenAI’s ChatGPT, Google’s Gemini, or Microsoft’s Copilot to carry out malicious activity.
– The attack, attributed to the threat actor TA547 (also known as Scully Spider), targeted organizations in Germany with the Rhadamanthys information stealer through a phishing email campaign impersonating the German cash-and-carry brand Metro.
– Rhadamanthys, the modular stealer used by TA547, has been sold to multiple cybercrime groups under the malware-as-a-service (MaaS) model since September 2022. It collects data from sources such as the clipboard, browsers, and cookies.
– Researchers at the cybersecurity company Proofpoint assess that the characteristics of the PowerShell script suggest it was written, or rewritten, with the help of an AI system.
– Financially motivated threat actors have also been observed using AI to craft customized phishing emails, run network scans, and build highly credible phishing pages.

Taken together, these findings show that the use of AI in malicious activity is a growing concern, with threat actors leveraging AI to enhance both their attacks and their capabilities.