Cyber Sleuths Uncover AI-Powered PowerShell Plot: TA547’s Info-Stealing Spree Goes High-Tech

Watch out, cyber-sleuths! TA547’s latest move is a laughably cunning AI-generated PowerShell script, delivering a not-so-funny Rhadamanthys info-stealer to German orgs. AI for infostealers? Talk about a malicious upgrade!

Hot Take:

Well, well, well, if it isn’t AI joining the dark side! It seems our favorite chatbots might have been moonlighting as accomplices in cybercrime. TA547, the not-so-friendly neighborhood malware distributor, has apparently been dabbling in poetry – I mean, PowerShell scripts – with a little help from their AI muses. Who knew artificial intelligence would be so keen on a life of crime? I guess we can now update the adage: “To err is human; to really foul things up requires a robot.”

Key Points:

  • PowerShell scripts are the new black in malware fashion, and AI seems to be the designer.
  • TA547, also dubbed Scully Spider, has been playing the malware mixtape since 2017, now grooving to the Rhadamanthys beat.
  • German organizations got an exclusive invite to the malware party with lures of invoices from the Metro cash-and-carry brand.
  • Proofpoint researchers are betting their lunch money that an AI helped craft the PowerShell script.
  • OpenAI’s ChatGPT might need a timeout for potentially aiding cybercriminals, despite its “no evil” training.

Need to know more?

When AI Meets Cybercrime: A Love Story

It seems like TA547 has found a new partner in crime – artificial intelligence. These guys have been around the block, spreading various malware like a Johnny Appleseed of digital doom. But this time, they've outdone themselves by using AI to create a PowerShell script that's as elegant as it is evil. It's like Bonnie and Clyde, but if Clyde were a chatbot.

"I Steal Data, Therefore I Am"

Let's talk about Rhadamanthys – not the ancient Greek judge of the dead, but the info stealer that's been reaping souls... I mean, data... since September 2022. It's the Swiss Army knife of malware: clipboard, browser, cookies – you name it, Rhadamanthys steals it. This modular stealer is expanding its resume faster than a college student who just discovered extracurricular activities.

Germany's Not-So-Secret Santa

TA547 decided to play Santa Claus for dozens of German organizations, but instead of gifts, they handed out invoices laced with malware. The ZIP archive they sent was password-protected, which is like saying, "Here's a gift – but you'll need to work for it." And the magic password? 'MAR26'. Because when you're a hacker, you have the creativity of a parking meter.

The AI Whisperers

The researchers at Proofpoint aren't just shooting in the dark – they've got receipts. The PowerShell script had that AI-generated je ne sais quoi, with a side of hash signs and comments that scream, "A robot helped me!" They even had ChatGPT-4 play dress-up, and it churned out a script that could pass for the original's doppelgänger. So, either TA547 has an AI in their back pocket, or they've been cribbing off someone who does.
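For defenders who want to turn that "hash signs and comments" observation into something a script review pipeline can flag, here is an added example (not Proofpoint's tooling, and not the script from the campaign). It scores how many non-blank lines of a PowerShell script carry a `#` comment and surfaces scripts above an assumed threshold for human review. The two sample scripts and the 50% threshold are constructed for the demo; comment density is a triage signal for "look at this one", not a verdict that a script is malicious or AI-written.

```python
"""Triage heuristic: per-line comment density of a PowerShell script.

Added example, not Proofpoint's method. The assumption is that scripts
where nearly every line carries its own '#' comment are unusual enough
to deserve a reviewer's attention. Sample scripts below are constructed.
"""
import re
from dataclasses import dataclass

# Simplified string-literal matcher (double- or single-quoted); good enough
# to keep a '#' inside a string from being counted as a comment.
STRING_RE = re.compile(r'"[^"]*"|\'[^\']*\'')
# PowerShell block comments <# ... #> are removed before counting, since the
# signal of interest is line-by-line commentary, not a header block.
BLOCK_COMMENT_RE = re.compile(r'<#.*?#>', re.DOTALL)


@dataclass
class CommentStats:
    code_lines: int        # non-blank lines after block comments are removed
    commented_lines: int   # of those, lines carrying a full-line or trailing '#' comment
    ratio: float           # commented_lines / code_lines (0.0 for an empty script)


def comment_stats(script: str) -> CommentStats:
    """Count how many non-blank lines of `script` carry a '#' comment."""
    text = BLOCK_COMMENT_RE.sub('', script)
    code_lines = 0
    commented = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        code_lines += 1
        # Blank out string literals so "...#..." is not mistaken for a comment.
        stripped = STRING_RE.sub('""', line)
        if '#' in stripped:
            commented += 1
    ratio = commented / code_lines if code_lines else 0.0
    return CommentStats(code_lines, commented, ratio)


def flag_for_review(script: str, threshold: float = 0.5) -> bool:
    """True when at least `threshold` of the non-blank lines carry a comment.

    The 0.5 default is an assumed value for the demo; tune it against the
    scripts normally seen in your own environment.
    """
    return comment_stats(script).ratio >= threshold


# Constructed sample: a benign script commented on every single line.
DENSE_SAMPLE = '''
$path = "C:\\Temp\\report.txt"   # Define the path to the report
$lines = Get-Content $path       # Read every line of the file
$count = $lines.Count            # Count the lines
Write-Output "Lines: $count"     # Print the result
'''

# Constructed sample: same logic, no comments; the '#' lives inside a string.
SPARSE_SAMPLE = '''
$path = "C:\\Temp\\report.txt"
$lines = Get-Content $path
Write-Output "Lines: $($lines.Count) # not a comment"
'''

if __name__ == "__main__":
    for name, sample in (("dense", DENSE_SAMPLE), ("sparse", SPARSE_SAMPLE)):
        stats = comment_stats(sample)
        print(f"{name}: {stats.commented_lines}/{stats.code_lines} lines commented "
              f"(ratio {stats.ratio:.2f}) -> review={flag_for_review(sample)}")
```

Run it against a directory of `.ps1` files by feeding each file's text to `flag_for_review`; a high ratio is a reason to open the script, not a reason to block it, since well-documented admin scripts will trip the same check.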

AI: The New Intern for Cybercrooks

Since ChatGPT sashayed onto the scene, cybercriminals have been swooning. They've been using it to craft love letters in the form of phishing emails, to scout for network vulnerabilities like a creepy ex, and even to build convincing fake websites. It's like they found a new intern that works for exposure – except the exposure is your personal data.

And let's not forget the nation-state actors who've been treating ChatGPT like their personal assistant. China, Iran, Russia – they're all in on the action, using AI to polish their hacking skills. OpenAI tried to play teacher by blocking accounts associated with cybercrime syndicates, but it's a game of whack-a-mole. Because for every account they block, another AI-powered chat platform pops up in the cybercriminal underworld.

In conclusion, the world of cybersecurity just got a little more Blade Runner-esque. AI is not just for passing the Turing test or winning at chess anymore; it's for crafting malware that can slip past defenses like a ghost. And if this is what the future looks like, we might want to keep a closer eye on our AI pals – or at least make them pinky swear they won't go rogue.

Tags: AI-powered malware, Information stealer, Large Language Models, Malware-as-a-Service (MaaS), PowerShell Scripting, Threat Actor TA547