Microsoft, OpenAI Warn: Nation-State Hackers Are Using AI for Cyber Attacks

admin, February 16, 2024, 11:08:24

Nation-state actors associated with Russia, North Korea, Iran, and other countries are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations.

The findings come from a report published by Microsoft in collaboration with OpenAI, both of which said they disrupted efforts made by five state-affiliated actors that used its AI services to perform malicious cyber activities by terminating their assets and accounts.

"Language support is a natural feature of LLMs and is attractive for threat actors with continuous focus on social engineering and other techniques relying on false, deceptive communications tailored to their targets' jobs, professional networks, and other relationships," Microsoft said in a report shared with The Hacker News.

While no significant or novel attacks employing the LLMs have been detected to date, adversarial exploration of AI technologies has transcended various phases of the attack chain, such as reconnaissance, coding assistance, and malware development.

"These actors generally sought to use OpenAI services for querying open-source information, translating, finding coding errors, and running basic coding tasks," the AI firm said.

For instance, the Russian nation-state group tracked as Forest Blizzard (aka APT28) is said to have used its offerings to conduct open-source research into satellite communication protocols and radar imaging technology, as well as for support with scripting tasks.

Some of the other notable hacking crews are listed below:

  • Emerald Sleet (aka Kimsuky), a North Korean threat actor, has used LLMs to identify experts, think tanks, and organizations focused on defense issues in the Asia-Pacific region, understand publicly available flaws, help with basic scripting tasks, and draft content that could be used in phishing campaigns.

  • Crimson Sandstorm (aka Imperial Kitten), an Iranian threat actor who has used LLMs to create code snippets related to app and web development, generate phishing emails, and research common ways malware could evade detection

  • Charcoal Typhoon (aka Aquatic Panda), a threat actor which has used LLMs to research various companies and vulnerabilities, generate scripts, create content likely for use in phishing campaigns, and identify techniques for post-compromise behavior

  • Salmon Typhoon (aka Maverick Panda), a Chinese threat actor who used LLMs to translate technical papers, retrieve publicly available information on multiple intelligence agencies and regional threat actors, resolve coding errors, and find concealment tactics to evade detection

Microsoft said it's also formulating a set of principles to mitigate the risks posed by the malicious use of AI tools and APIs by nation-state advanced persistent threats (APTs), advanced persistent manipulators (APMs), and cybercriminal syndicates, and to conceive effective guardrails and safety mechanisms around its models.

"These principles include identification and action against malicious threat actors' use, notification to other AI service providers, collaboration with other stakeholders, and transparency," Redmond said.

Originally published on the WeChat official account 知机安全: Microsoft, OpenAI Warn: Nation-State Hackers Are Using AI for Cyber Attacks
