Microsoft said Wednesday it had detected and disrupted instances of U.S. adversaries — chiefly Iran and North Korea and to a lesser extent Russia and China — using or attempting to exploit generative artificial intelligence developed by the company and its business partner to mount or research offensive cyber operations.

The techniques Microsoft observed, in collaboration with its partner OpenAI, represent an emerging threat and were neither “particularly novel or unique,” the Redmond, Washington, company said in a blog post.

But the blog does offer insight into how U.S. geopolitical rivals have been using large-language models to expand their ability to more effectively breach networks and conduct influence operations.


Advertisement


Microsoft said the “attacks” detected all involved large-language models the partners own and said it was important to expose them publicly even if they were “early-stage, incremental moves.”

Cybersecurity firms have long used machine-learning on defense, principally to detect anomalous behavior in networks. But criminals and offensive hackers use it as well, and the introduction of large-language models led by OpenAI’s ChatGPT upped that game of cat-and-mouse.

Microsoft has invested billions of dollars in OpenAI, and Wednesday’s announcement coincided with its release of a report noting that generative AI is expected to enhance malicious social engineering, leading to more sophisticated deepfakes and voice cloning . A threat to democracy in a year where over 50 countries will conduct elections, magnifying disinformation and already occurring,

Here are some examples Microsoft provided. In each case it said all generative AI accounts and assets of the named groups were disabled:

— The North Korean cyberespionage group known as Kimsuky has used the models to research foreign think tanks that study the country, and to generate content likely to be used in spear-phishing hacking campaigns.

— Iran’s Revolutionary Guard has used large-language models to assist in social engineering, in troubleshooting software errors, and even in studying how intruders might evade detection in a compromised network.

That includes generating phishing emails “including one pretending to come from an international development agency and another attempting to lure prominent feminists to an attacker-built website on feminism.” The AI helps accelerate and boost the email production.

— The Russian GRU military intelligence unit known as Fancy Bear has used the models to research satellite and radar technologies that may relate to the war in Ukraine.

— The Chinese cyberespionage group known as Aquatic Panda — which targets a broad range of industries, higher education and governments from France to Malaysia — has interacted with the models “in ways that suggest a limited exploration of how LLMs can augment their technical operations.” (READ MORE)