Hackers abusing AI at every stage of cyberattacks
Hackers abusing AI at every stage of cyberattacks
Publish Date: 2026-03-07 10:15:00
Source Domain: www.bleepingcomputer.com
Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack.
According to a new Microsoft Threat Intelligence report, attackers are using generative AI tools for a wide range of tasks, including reconnaissance, phishing, infrastructure development, malware creation, and post-compromise activity.
In many cases, AI is used to draft phishing emails, translate content, summarize stolen data, debug malware, and assist with scripting or infrastructure configuration.
“Microsoft Threat Intelligence has observed that most malicious use of AI today centers on using language models for producing text, code, or media. Threat actors use generative AI to draft phishing lures, translate content, summarize stolen data, generate or debug malware, and scaffold scripts or infrastructure,” warns Microsoft.
“For these uses, AI functions as a force multiplier that reduces technical friction and accelerates execution, while human operators retain control over objectives, targeting, and deployment decisions.”
Threat actor use of AI across the cyberattack lifecycle
Source: Microsoft
AI used to power cyberattacks
Microsoft has observed multiple threat groups incorporating AI into their cyberattacks, including North Korean actors tracked as Jasper Sleet (Storm-0287) and Coral Sleet (Storm-1877), who use the technology as part of remote IT worker schemes.
In these operations, AI tools help generate realistic identities, resumes, and communications to gain employment at Western companies and maintain access once hired.
Jasper Sleet leverages generative AI platforms to streamline the development of fraudulent digital personas. For example, Jasper Sleet actors have prompted AI platforms to generate culturally appropriate name lists and email address formats to match specific identity profiles. For example, threat actors might…
