Iran-linked threat actors have leveraged large language models to underpin cyberattacks aimed at individuals and non-governmental organizations reporting human rights abuses during nationwide protests as part of the RedKitten campaign, according to The Hacker News.Intrusions commenced with the delivery of a 7-ZIP archive with a Farsi filename containing Microsoft Excel files purporting to include protester death details with an illicit VBA macro, a report from French cybersecurity firm HarfangLab showed. Activating the macro, which is suspected to be AI-based due to its format, enables AppDomainManager injection of the C-based SloppyMIO implant that leverages GitHub as a dead drop resolver. Aside from retrieving and caching various modules and executing arbitrary commands, SloppyMIO also allows file exfiltration and further malware distribution."The threat actor's reliance on commoditized infrastructure (GitHub, Google Drive, and Telegram) hinders traditional infrastructure-based tracking but paradoxically exposes useful metadata and poses other operational security challenges to the threat actor," said HarfangLab.Such a development follows a phishing campaign against UK-based Iranian activist Nariman Gharib, as well as the sweeping data leak impacting Iranian state-backed hacking group Charming Kitten.
Threat Intelligence, AI/ML
AI tapped by Iranian hackers in protest-aimed cyberattacks

(Adobe Stock)
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



