Newsletter 02/19/2024
If you find this article of value, please help keep the blog going by making a contribution at GoFundMe or Paypal


Microsoft Slays The AI Demons 
At Least For Now

On February 14, 2024, Microsoft, partnering with OpenAI, published, "Staying ahead of threat actors in the age of AI."  The report described how Microsoft and OpenAI disrupted several nation-state groups of threat actors whose purpose and intention had been to leverage Artificial Intelligence technology toward their own nefarious ends.  In its blog posting titled, "Disrupting malicious uses of AI by state-affiliated threat actors," also dated February 14, 2024, OpenAI says that the two AI giants had "disrupted five state-affiliated malicious actors."  In publishing these findings, Microsoft claims the objective of these efforts both by Microsoft and OpenAI is "to ensure the safe and responsible use of AI technologies like ChatGPT," while, at the same time, "upholding the highest standards of ethical application to protect the community from potential misuse."

Microsoft lists five threat actors that have exploited AI technology for their own ends.  In each case, Microsoft says it has disabled "all accounts and assets" associated with the threat actor.  As the research below shows, several of these nation-state actors are well known cybersecurity threats that have been active for years.  The following gives readers an overview of Microsoft's efforts at thwarting them.

1. Forest Blizzard is a known threat actor associated with the Russian military.  Its "tactics, techniques, and procedures (TTPs)", according to Microsoft, included "targeting organizations in and related to Russia’s war in Ukraine throughout the duration of the conflict."  Forest Blizzard had used AI to "understand satellite communication protocols, radar imaging technologies, and specific technical parameters."  Microsoft was not alone in disrupting Forest Blizzard.  As CyberSecurity Dive reported on February 16, 2024, Forest Blizzard, also known as Fancy Bear, was one of the threat actors hit by the DOJ's court-ordered takedown of a botnet, which was discussed in the previous Dispatch.

2. Emerald Sleet is "a North Korean threat actor that has remained highly active throughout 2023."  This threat actor has been known for some time.  The Hacker News reported on it on May 5, 2023:

Active since at least 2012, the prolific threat actor has been linked to targeted attacks on non-governmental organizations (NGOs), think tanks, diplomatic agencies, military organizations, economic groups, and research entities across North America, Asia, and Europe.

Emerald Sleet used spear-phishing emails to direct its victims to malware-laden Microsoft Word documents hosted on OneDrive, as the Hacker News article cited above reported.  Microsoft observed this threat actor misusing AI technology "to better understand publicly reported vulnerabilities, such as the CVE-2022-30190 Microsoft Support Diagnostic Tool (MSDT) vulnerability (known as “Follina”)."  A deeper dive into the Follina vulnerability was made in a Dispatch dated May 20, 2023.

3. Crimson Sandstorm, according to the Microsoft report, is "an Iranian threat actor assessed to be connected to the Islamic Revolutionary Guard Corps (IRGC). Active since at least 2017, Crimson Sandstorm has targeted multiple sectors, including defense, maritime shipping, transportation, healthcare, and technology."  Microsoft has been tracking this IRGC-connected threat since 2021.  In a separate report first published November 16, 2021, titled "Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021," Microsoft noted that these operators "leverage a network of fictitious social media accounts to build trust with targets and deliver malware."  Now, with the aid of AI, Crimson Sandstorm has been seen using LLMs to, among other hostile acts, "generate various phishing emails, including one pretending to come from an international development agency and another attempting to lure prominent feminists to an attacker-built website on feminism."

DarkReading, October 26, 2023, in a report titled "Iran APT Targets the Mediterranean With Watering-Hole Attacks," notes that this group has been observed "compromising legitimate websites and using them to insert malicious JavaScript."

4. Charcoal Typhoon, as the recent Microsoft report says, "is a Chinese state-affiliated threat actor with a broad operational scope."  The threat actor is known to target "government, higher education, communications infrastructure, oil & gas, and information technology."  This Chinese group had exploited AI capabilities for "generating content that could be used to social engineer targets," according to the Microsoft report.  Its use of AI has also included using large language models (LLMs) "for assistance with translations and communication, likely to establish connections or manipulate targets."

5. Salmon Typhoon is another Chinese threat actor known for "targeting US defense contractors, government agencies, and entities within the cryptographic technology sector."  According to Microsoft, this threat actor has only been evaluating how AI technology might serve as a source of "information on potentially sensitive topics, high profile individuals, regional geopolitics, US influence, and internal affairs."

In its opening, Microsoft states the obvious fact that "The progress of technology creates a demand for strong cybersecurity and safety measures."  It offers as an example President Biden's "Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence," released October 30, 2023, to show how Uncle Sam can be a partner, along with technology companies, in adopting policies that strengthen this nation's cyber resiliency.

An Executive Order, however, does not carry the force of law that a bill passed by Congress and then signed into law by the President does.  A search of bills pending from this session of Congress that concern cybersecurity turns up only one that has passed the Senate and been sent to the House of Representatives.  Sen. Gary Peters's S.3600 - Strengthening American Cybersecurity Act of 2022 was sent to the House for a vote in the lower chamber on March 2, 2022.  The bill is currently listed as "Held at the Desk" by the House.  Held at the desk for almost two years now.  And we pay these clowns to do what?

¯\_(ツ)_/¯
Gerald Reiff