According to the CrowdStrike 2025 Threat Hunting Report, adversaries are no longer using AI merely as an auxiliary tool; they have integrated generative AI into every phase of their operations, from initial reconnaissance to payload deployment.
This is a fundamental shift in how intrusions are carried out: traditional attack methodologies are being accelerated with machine learning models and automated decision-making, compressing the time between first contact and impact.
The emergence of AI-powered threat campaigns has enabled lower-skilled adversaries to execute sophisticated attacks that previously required advanced technical expertise.
Threat actors are leveraging generative AI for script generation, technical problem-solving, and malware development, democratizing access to high-level cyber capabilities.
The report cites two examples of this trend, the Funklocker and SparkCat malware families, as early instances of GenAI-built malware; the article characterizes them as designed to evade traditional detection through dynamically generated code structures and polymorphic behavior.
CrowdStrike analysts identified a particularly concerning development in the DPRK-nexus adversary FAMOUS CHOLLIMA, which infiltrated more than 320 companies in the last 12 months, a 220% year-over-year increase.
This threat actor employs generative AI at every stage of the hiring and employment process, utilizing real-time deepfake technology to mask identities during video interviews and AI code tools to perform job functions while maintaining covert access to organizational systems.
The most sophisticated aspect of these AI-powered campaigns lies in their ability to establish persistent access through enhanced social engineering techniques.
SCATTERED SPIDER exemplifies this approach by combining vishing with help desk impersonation, using AI-generated call scripts to supply employee identification numbers and answer verification questions convincingly.
The group's operators use machine learning to mine publicly available information and construct personas that get past multifactor authentication checks and obtain access to SaaS environments, often reaching full network encryption within 24 hours of initial compromise.
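The help-desk-reset pattern above is detectable in identity-provider audit logs. The following is an added example, not code from the CrowdStrike report or the article: it correlates a help-desk-initiated MFA reset with a new MFA factor enrolled shortly afterwards from a device the user has never used. The event schema, the `KNOWN_DEVICES` baseline and the sample events are constructed for illustration; map the field names to your IdP's own audit log before use.

```python
"""Flag help-desk MFA resets followed by enrollment from an unknown device.

Added example (not from the CrowdStrike report or the article). Log schema,
sample events and the per-user device baseline are constructed assumptions.
"""
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry); timestamps are UTC.
SAMPLE_EVENTS = [
    {"ts": "2025-08-04T13:02:11Z", "user": "j.doe", "action": "mfa.reset",
     "actor": "helpdesk", "ip": "198.51.100.7", "device": "hd-console"},
    {"ts": "2025-08-04T13:09:40Z", "user": "j.doe", "action": "mfa.enroll",
     "actor": "self", "ip": "203.0.113.55", "device": "unknown-android"},
    {"ts": "2025-08-04T13:11:02Z", "user": "j.doe", "action": "login",
     "actor": "self", "ip": "203.0.113.55", "device": "unknown-android"},
    {"ts": "2025-08-04T09:15:00Z", "user": "a.smith", "action": "mfa.reset",
     "actor": "helpdesk", "ip": "198.51.100.7", "device": "hd-console"},
    {"ts": "2025-08-04T09:20:00Z", "user": "a.smith", "action": "mfa.enroll",
     "actor": "self", "ip": "192.0.2.10", "device": "corp-laptop-42"},
    {"ts": "2025-08-04T09:22:00Z", "user": "a.smith", "action": "login",
     "actor": "self", "ip": "192.0.2.10", "device": "corp-laptop-42"},
]

# Constructed baseline: devices each user has signed in from over a lookback
# period (e.g. 90 days). In practice this comes from your IdP or EDR inventory.
KNOWN_DEVICES = {"j.doe": {"corp-laptop-17"}, "a.smith": {"corp-laptop-42"}}


def parse_ts(value):
    """Parse the constructed ISO-8601 UTC timestamp format used above."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_suspicious_resets(events, known_devices, window=timedelta(minutes=30)):
    """Return (user, reset_ts, device, ip) for each help-desk MFA reset that is
    followed within `window` by an MFA enrollment from a device not in the
    user's baseline. A legitimate reset re-enrolls from a known device; the
    vishing pattern enrolls the attacker's device instead."""
    by_user = {}
    for event in sorted(events, key=lambda e: e["ts"]):
        by_user.setdefault(event["user"], []).append(event)

    alerts = []
    for user, user_events in by_user.items():
        baseline = known_devices.get(user, set())
        for i, reset in enumerate(user_events):
            if reset["action"] != "mfa.reset" or reset["actor"] != "helpdesk":
                continue
            t0 = parse_ts(reset["ts"])
            # Walk forward only as far as the correlation window allows.
            for follow in user_events[i + 1:]:
                if parse_ts(follow["ts"]) - t0 > window:
                    break
                if follow["action"] == "mfa.enroll" and follow["device"] not in baseline:
                    alerts.append((user, reset["ts"], follow["device"], follow["ip"]))
                    break
    return alerts


if __name__ == "__main__":
    for user, reset_ts, device, ip in find_suspicious_resets(SAMPLE_EVENTS, KNOWN_DEVICES):
        print(f"ALERT {user}: help-desk reset at {reset_ts}, new factor enrolled "
              f"from unknown device {device} ({ip})")
```

On the constructed input only `j.doe` is flagged: the help-desk reset is followed seven minutes later by enrollment from `unknown-android`, whereas `a.smith` re-enrolls from a device already in the baseline. The window and the baseline source are the two knobs to tune; a narrow window misses a patient operator, and a baseline built only from managed endpoints will flag legitimate BYOD enrollments, so pair the alert with a help-desk policy that requires a callback to the number on file before any reset.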
The post Threat Actors Using AI to Scale Operations, Accelerate Attacks and Attack Autonomous AI Agents appeared first on Cyber Security News.