The integration of artificial intelligence (AI) into malware development is emerging as a significant cybersecurity threat, marking a new phase in how malicious actors operate. Traditionally, AI was not widely associated with malware, but with the rise of generative AI tools, cybercriminals are increasingly exploiting this technology to enhance their attacks.
Despite companies’ best efforts to minimize the chances of hackers using their tools for nefarious purposes, AI can be used in malware development in several ways. AI can be used to search for exploitable vulnerabilities, and readily available tools like ChatGPT allow even inexperienced hackers to write malicious scripts. AI-powered malware can also adapt to its environment, changing its behavior and code structure dynamically to evade detection.
According to a report by Cybernews detailing the use of AI by threat actors, one of the earliest groups to take advantage of AI capabilities for malware creation is CyberAv3ngers, an IRGC-backed hacker group targeting critical infrastructure sectors such as water systems, energy, and manufacturing. The group uses AI to improve vulnerability research, automate malware debugging, and craft scripts that manipulate industrial control systems (ICS) and programmable logic controllers (PLCs).
Similarly, SweetSpecter, a Chinese state-backed group, leverages OpenAI services to develop AI-driven intelligence collection tools and malware capable of bypassing traditional detection mechanisms. This ability to evade security measures makes their malware particularly potent, allowing it to persist undetected in targeted networks.
The Forest Blizzard group, also known as APT28, has used AI to create convincing fake government documents for phishing campaigns. By analyzing victim communication patterns, they craft targeted attacks that can harvest sensitive information with great precision.
These groups represent the growing use of AI in cyberattacks, a trend that is expanding among both well-organized and less technical hacker groups. As AI technology continues to evolve, so will the sophistication of cyber threats. Security solutions will need to adapt to this new landscape to stay ahead of these advanced, AI-driven cyberattacks.