- KONNI uses AI-generated malware, shifting focus to blockchain and crypto developers
- Phishing lures delivered AI-generated PowerShell backdoor, enabling access to sensitive developer environments
- CPR urges AI-driven defenses, stronger phishing prevention, and stricter cloud access controls
Security researchers have found more malware being developed with the help of Gen AI, as the use of AI tools in cybercrime moves from theory into practice, and that defenders should also start integrating AI into their tech stack.
Security outfit Check Point Research (CPR) has detailed KONNI, a known North Korean state-sponsored threat actor that has been around for more than a decade.
According to CPR, KONNI is known for targeting South Korean politicians, diplomats, academics, and other similar targets. However, after more than a decade of chasing after political and diplomatic targets, KONNI shifted its attention towards software developers - specifically, blockchain and crypto developers.
AI-generated PowerShell backdoor
CPR says that in the latest campaign, KONNI was mailing IT technicians with highly convincing phishing lures, attempting to access cloud infrastructure, source code repositories, APIs, and blockchain-related credentials.
Those that took the bait deployed an AI-generated PowerShell backdoor that granted the attackers access to their computers, and through it, to all of the secrets stored there.
“A defining aspect of this campaign is the deployment of an AI-generated PowerShell backdoor, demonstrating how artificial intelligence is accelerating malware development and deployment,” CPR said in its report.
“Rather than introducing entirely new attack techniques, AI enables faster iteration, easier customization, and greater flexibility.”
The report also stresses that this means cybersecurity professionals will have to change, or evolve, their approach, as well. AI-generated malware can change faster and to a greater extent, evading traditional, signature-based detection with ease.
“Organizations should treat development environments as high-value targets,” CPR concludes. To defend, they should first strengthen phishing prevention across collaboration and developer workflows. After that, they should protect development and cloud environments with strong access controls and finally, use AI-driven threat prevention to block unseen malware early in the attack chain.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
Source: TechRadar
