Security researchers have warned of an alarming increase in the development of malware using artificial intelligence tools, marking a significant transition from the theoretical realm to practical use in cybercrime. This phenomenon has been documented by the cybersecurity firm Check Point Research (CPR), which analyzed the activities of KONNI, a well-known state-backed threat actor from North Korea that has been active for over a decade.
The evolution of cyber threats
Initially, KONNI’s focus was on politicians, diplomats, and academics, primarily in South Korea. However, in its latest campaign, the group has changed its strategy, targeting software developers, especially those related to blockchain and cryptocurrencies. The attackers have been using highly convincing phishing techniques to access cloud infrastructures, source code repositories, and blockchain credentials.
CPR researchers explain that those who fell into the trap allowed the installation of an AI-generated PowerShell backdoor, which gave the attackers full access to the victims' computers and to the secrets stored on them. This use of AI-generated malware not only accelerates the development of new attacks but also allows threats to be customized faster and more flexibly, thereby evading traditional signature-based detection.

In light of this new reality, cybersecurity professionals will need to adapt their approaches. The report stresses the need to treat development environments as high-value targets and to strengthen phishing prevention within collaboration and development workflows. It also recommends protecting development infrastructure and cloud environments with robust access controls, and using AI-driven threat prevention to detect malware that is not visible in the early stages of an attack.