North Korean hacking groups are also arming themselves with AI... The era of AI hacking is becoming a reality [IT Item of the Day]
- Input: 2026-05-13 07:00:00
- Updated: 2026-05-13 07:00:00

[The Financial News] Generative AI is evolving beyond a mere "support tool" for cyberattacks into something that actually develops attack code for vulnerabilities. Google has, for the first time in the world, identified working zero-day attack code that is believed to have been developed using AI. This means AI has moved beyond writing phishing text or partially automating malware, and has now reached the stage of developing real hacking weapons.
In its "AI Threat Tracker" report released on the 13th, Google Threat Intelligence Group (GTIG) said it had discovered zero-day attack code that a criminal group preparing a large-scale intrusion campaign is believed to have developed with AI assistance. The group is known as a threat actor with a history of large-scale intrusion attempts.
The attack failed because of a mistake made during implementation, but GTIG judged it to be the first known case of AI being used in zero-day development. Google said that it notified the software developer of the vulnerability, that the patch has been completed, and that no additional damage occurred.
Although traces of AI use were found in the attack code, Google said it does not appear to have been based on the autonomous attack AI "Claude Mythos Preview," which has recently drawn controversy in the industry.
Meanwhile, the use of AI by state-backed hacking groups is also advancing rapidly. The North Korea-backed hacking group APT45 was found to have used AI to verify thousands of pieces of attack code and build up attack assets on a large scale. GTIG also said China-linked threat actors are actively using AI for vulnerability analysis and attack code development.
Attack methods are also evolving around "agentic AI." Attackers are using open-source frameworks such as OpenClaw to autonomously carry out attack processes in test environments and improve infiltration efficiency. In fact, some China-linked threat actors were found to have carried out persistent reconnaissance attacks based on AI agents against a Japanese technology company.
Russia has also been using AI for psychological warfare and information manipulation. Russia-linked actors upgraded malware used against Ukraine with AI, and in information operations targeting the United States, Ukraine, and France, they spread deepfake content that combined manipulated voices and video with real news footage.
Moves to obtain the latest large language model (LLM) technology have also been detected. According to GTIG, the China-linked cyber espionage group UNC5673 and others are attempting anonymous access to high-performance AI models by using middleware for identity laundering and tools that automate account registration. Their goal is to bypass usage limits or reduce operating costs so they can use large-scale AI services for malicious activity.
The security industry says AI-based cyberattacks have already moved beyond the experimental stage and entered an industrialized phase. Vulnerability discovery and attack code creation, once carried out mainly by skilled hackers, are now being automated and scaled up through AI, changing the speed of attacks themselves.
John Hultquist, chief analyst at GTIG, said, "The war over vulnerabilities driven by AI has already begun." He added, "Behind the zero-days we have confirmed as AI-driven, there are likely many more cases that have not yet been detected." He continued, "Threat actors are using AI to improve the speed, scale, and sophistication of attacks," and noted that AI use is expanding across nearly every area, including automating attack testing, strengthening persistence in targeted intrusions, and advancing malware.
Reporter Jo Yoon-joo (yjjoe@fnnews.com)