Last week, Microsoft revealed through a report that it managed to detect and stop several cyberattack attempts carried out by hackers linked to countries such as China, Russia, Iran and North Korea, who were using and exploiting, according to it, intelligence tools generative artificial intelligence (AI) that were developed by the company and OpenAI, its partner.

According to the American company, such hackers would be using large-scale language models, known as LLM, to access information about rival countries, develop codes with malicious potential and deceive their targets.

Microsoft's announcement of the discovery came at the same time it launched a blanket ban on the use of its artificial intelligence products by hacker groups that are funded by governments.

“Regardless of whether or not there is a violation of the law or our terms of service, we simply do not want these actors that we have identified, which we know are threats of various types, to have access to this technology,” said a representative for the technology giant in agency interview Reuters.

On its website, Microsoft identified the hacker groups that would be trying to use AI to carry out cyber attacks, they are: Forest Blizzard, from Russia, Emerald Sleet, from North Korea, Crimson Sandstorm, from Iran, Charcoal Typhoon and Salmon Typhoon , both from China. Each of them has, according to the company, its own interests and objectives, ranging from military and political matters to economic and social issues.

The Forest Blizzard group, for example, would be using AI to conduct research into relevant satellite and radar technologies that could contain information about the war in Ukraine.

In turn, Emerald Sleet, linked to North Korea, used AI to exploit vulnerabilities in Western network systems. Crimson Sandstorm, associated with Iran, used AI tools to develop more sophisticated methods of phishingused to steal data from countries in the Middle East and the USA.

Meanwhile, the Chinese groups Charcoal Typhoon and Salmon Typhoon, which are allegedly linked to the Communist Party, would be exploring tools to create programs that could access and search for information on sensitive topics, such as regional geopolitics and United States influence. They also wanted to use these systems to perpetrate new attacks against government, academic, health and human rights organizations.

The report also highlights that these hackers are using AI pragmatically, aiming to increase their efficiency in malicious cyber activities, such as writing emails, translating documents, debugging codes and researching ways to avoid detection by antivirus programs.

The documented cases also reveal different strategies, such as creating email addresses phishing more convincingly, the exploitation of vulnerabilities in Western systems and even the use of AI to translate sensitive documents, which could facilitate the theft of strategic information.

Following the discovery, Microsoft said it took steps to block and disable accounts and resources used by hackers, and began research to improve the protection of its services and AI systems.

The company also announced principles to guide its actions against the misuse of its tools by malicious actors. These include identifying and taking action against hackers, notifying other AI service providers, collaborating with other stakeholders, and being transparent about the actions taken.

Security concern

The announcement that government-backed hackers are using AI tools to increase their espionage capabilities has technology companies worried. However, both Microsoft and OpenAI described hackers' use of their tools as “early.”

Bob Rotsted, who leads cybersecurity threat intelligence at OpenAI, said “this is one of the first, if not the first, case of an AI company coming out and publicly discussing how cybersecurity threat actors use their technologies.”

Microsoft said its main goal in releasing information about the hackers was to “ensure the safe and responsible use of AI technologies like ChatGPT.”

According to information from Reuters, Senior cybersecurity officials in Western countries have been warning since last year that malicious actors were making irregular use of AI tools.

South Korea, which is one of the main targets of North Korean hackers, said it is closely monitoring North Korea's movements, keeping in mind the possibility of the country misusing generative AI. According to the South Korean National Intelligence Service, more than 80% of attempted hacking attacks against South Korean companies and public bodies last year came from North Korea.