#cyber-espionage

#cyber-espionage

Earlier this week at Microsoft's Ignite conference in San Francisco, the overwhelming onslaught of artificial intelligence-related announcements made it easy to miss some of the company's more significant "all-AI all-the-time" news. Also: Microsoft's new AI agents create your Word, Excel, and PowerPoint projects now The word "Copilot" -- representative of Microsoft's flagship AI brand -- made thousands of appearances across virtually every functional area of the technology firm's offerings, a testimony to an AI-first strategy that also blanketed its portfolio of security-related solutions.

The makers of artificial intelligence (AI) chatbot Claude claim to have caught Chinese government hackers using the tool to perform automated cyber attacks against around 30 global organisations. Anthropic said hackers tricked the chatbot into carrying out automated tasks under the guise of carrying out cyber security research. The company claimed in a blog post this was the "first reported AI-orchestrated cyber espionage campaign".

According to Burgess, a hacker group known as Volt Typhoon is trying to break into critical infrastructure networks such as power, water, and transportation systems. Burgess warned that successful hacks could affect energy and water supplies, and cause widespread outages. The U.S. has previously said that the Chinese hackers have spent years planting malware on critical infrastructure systems that are capable of causing disruptive cyberattacks when activated.

Some of these [companies' are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea's current efforts to scale up its drone program," ESET security researchers Peter Kálnai and Alexis Rapin said in a report shared with The Hacker News. It's assessed that the end goal of the campaign is to plunder proprietary information and manufacturing know-how using malware families such as ScoringMathTea and MISTPEN.

The cyber espionage activity was first flagged by the Russian cybersecurity vendor in November 2024, when it disclosed a set of attacks aimed at government entities in Latin America and East Asia in June, using never-before-seen malware families tracked as Neursite and NeuralExecutor. It also described the operation as exhibiting a high level of sophistication, with the threat actors leveraging already compromised internal servers as an intermediate command-and-control (C2) infrastructure to fly under the radar.

The threat actor leveraged combinations of sophisticated and stealthy techniques creating multilayered attack kill chains to facilitate access to restricted and segmented network assets within presumed to be isolated environments.

APT36's focus on Linux-specific systems, particularly those used in government infrastructure, reinforces that no operating system is off-limits to nation-state attackers. This kind of multi-layered phishing attack highlights how threat actors are constantly evolving their tactics to quietly bypass defenses and exploit user trust.