AI/ML, Threat Intelligence, Network Security

Novel CyberStrikeAI tool exploited in attacks

Attackers behind the recent AI-assisted hacking of hundreds of Fortinet FortiGate firewalls worldwide have weaponized the new open-source AI security testing platform CyberStrikeAI in new intrusions, according to BleepingComputer.

CyberStrikeAI which has more than 100 security tools, an AI decision engine, and a skills system allowing automated cyber intrusions has been run by 21 unique IP addresses between Jan. 20 and Feb. 26, one of which is an IP that was found to have communicated with breached Fortinet FortiGate devices, a report from Team Cymru revealed. Most of the servers hosting CyberStrikeAI were in China, Singapore, and Hong Kong, with more infrastructure discovered in the U.S., Europe, and Japan. Additional findings showed CyberStrikeAI to be associated with Chinese state-sponsored cyber operations, while the tool's developer Ed1s0nZ was found to have developed other AI-powered tools.

"In the near future, defenders must be prepared for an environment where tools like CyberStrikeAI, alongside the developer's other AI-assisted privilege escalation projects like PrivHunterAI and InfiltrateX, significantly lower the barrier to entry for complex network exploitation," said Team Cymru Senior Threat Intel Advisor Will Thomas.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds