- KONNI uses AI-generated malware, focusing on blockchain and crypto developers
- Phishing lures offered an AI-generated PowerShell backdoor, allowing access to sensitive developer environments
- CPR Urges AI-Powered Defenses, Stronger Phishing Prevention, and Tighter Cloud Access Controls
Security researchers have found that more malware is being developed with the help of generative AI, as the use of AI tools in cybercrime moves from theory to practice, and they argue that defenders should likewise start integrating AI into their technology stack.
Security outfit Check Point Research (CPR) has detailed the latest activity of KONNI, a known North Korean state-sponsored threat actor that has been active for more than a decade.
According to CPR, KONNI is known for attacking South Korean politicians, diplomats, academics and other similar targets. However, after more than a decade of pursuing political and diplomatic goals, KONNI turned its attention to software developers, specifically blockchain and crypto developers.
AI-generated PowerShell backdoor
CPR says that in the latest campaign, KONNI was emailing IT technicians with very convincing phishing lures, attempting to access cloud infrastructure, source code repositories, APIs, and blockchain-related credentials.
Those who took the bait ended up running an AI-generated PowerShell backdoor that gave the attackers access to their computers and, through them, to the secrets stored there.
“A defining aspect of this campaign is the deployment of an AI-generated PowerShell backdoor, demonstrating how artificial intelligence is accelerating the development and deployment of malware,” CPR said in its report.
“Rather than introducing entirely new attack techniques, AI enables faster iteration, easier customization, and greater flexibility.”
The report also emphasizes that cybersecurity professionals will have to evolve their approach in turn: AI-generated malware can be changed faster and more extensively, making it easier to evade traditional signature-based detection.
“Organizations should treat development environments as high-value targets,” CPR concludes. To fight back, organizations should first strengthen phishing prevention in collaboration and development workflows, then secure development and cloud environments with strong access controls, and finally use AI-powered threat prevention to block otherwise invisible malware early in the attack chain.