Artificial intelligence becomes the preferred weapon of cyberattackers: Microsoft analysis

Microsoft reveals how cybercriminals exploit generative AI to automate their attacks, from reconnaissance to malware development.

Houssem MAKHLOUF
March 8, 2026
4 min read

Cybercriminals massively adopt artificial intelligence

The latest Microsoft Threat Intelligence report highlights a major evolution in the cybersecurity landscape: the systematic integration of generative artificial intelligence into malicious operations. This massive adoption radically transforms attack methods, allowing cybercriminals to accelerate their operations and significantly reduce technical barriers.

Threat Evolution

Malicious actors now exploit generative AI at all stages of their campaigns: reconnaissance, phishing, infrastructure development, malware creation, and post-compromise activities.

According to Microsoft analysts, this technology functions as a force multiplier that reduces technical friction while preserving human control over strategic objectives and deployment decisions.

Concrete applications of AI in cyberattacks

Automation of malicious content creation

Generative AI tools are primarily used to produce malicious text, code, and media. Observed use cases include:

  • Writing personalized and convincing phishing emails
  • Automatic translation to target multilingual populations
  • Synthesis of stolen data to facilitate its exploitation
  • Generation and debugging of malware with technical assistance
  • Configuration of automated attack infrastructures

Figure: Threat actor use of AI across the cyberattack lifecycle

Case study: North Korean groups Jasper Sleet and Coral Sleet

Microsoft has documented sophisticated AI use by several threat groups, notably the North Korean actors Jasper Sleet (Storm-0287) and Coral Sleet (Storm-1877), which specialize in remote IT worker schemes.

1. Generation of fictional identities

Jasper Sleet exploits generative AI platforms to create realistic digital personas. Actors use specific prompts to generate lists of culturally appropriate names and email address formats matching targeted profiles.

2. Automated job offer analysis

The group uses AI to analyze job offers in software development and IT, automatically extracting required skills to adapt their fake identities to specific roles.

3. Development of malicious infrastructure

Coral Sleet leverages AI to quickly generate fake company websites, provision infrastructure, and test their deployments in an automated manner.

Examples of malicious prompts

Prompts such as "Create a list of 100 Greek names" or "Create a list of email address formats using the name Jane Doe" illustrate the simplicity of the requests used to generate malicious content.

Evolution toward autonomous AI and protection bypass

AI-assisted malware development

Cybercriminals exploit AI-based coding tools to:

  • Generate and refine malicious code
  • Fix programming errors
  • Port malware components to different languages
  • Create dynamic scripts that modify their behavior in real time

Bypass techniques (Jailbreaking)

Faced with protection measures integrated into AI models, malicious actors develop sophisticated jailbreaking techniques to bypass limitations and generate prohibited content.

Emergence of Agentic AI

Microsoft observes initial experiments with agentic AI, capable of performing tasks autonomously and adapting to obtained results, although its use remains limited to decision-making rather than autonomous attacks.

Defensive strategies against AI-assisted attacks

Treating IT worker campaigns as insider risks

Given that these campaigns exploit legitimate access, Microsoft recommends organizations treat these schemes as insider risks requiring particular monitoring.

Recommended protective measures

  • Detection of abnormal credential usage
  • Hardening of identity systems against phishing
  • Securing internal AI systems that could become targets
  • Implementing controls on access to generative AI tools

A trend confirmed by the security ecosystem

Microsoft's observation is part of a broader trend confirmed by other major cybersecurity players. Google recently documented abuse of Gemini AI at all stages of cyberattacks, while Amazon identified similar campaigns exploiting multiple generative AI services to compromise over 600 FortiGate firewalls.

Future Perspective

This democratization of AI in cyberattacks marks a major turning point, requiring rapid adaptation of defensive strategies and increased awareness of emerging attack vectors.

Conclusion: toward a new era of cybersecurity

The integration of artificial intelligence into malicious operations represents a fundamental evolution of the threat landscape. Organizations must adapt their security strategies to face attackers now capable of automating and accelerating their operations through generative AI.

This transformation requires a holistic approach combining advanced behavioral detection, hardening of identity systems, and proactive securing of internal AI tools to anticipate future developments of this emerging threat.
