A threat actor has been caught using AI-generated malware in a real network intrusion, deploying a PowerShell script that was "vibe-coded" to map out an Active Directory environment, according to Huntress. The script was recovered and rebuilt from an incident on June 3, serving as a case study in how criminals are weaponizing AI, with further coverage provided by Infosecurity Magazine.The AI-generated tool, titled "100% Working AD Information Gathering Script - FULLY FIXED," exhibited several hallmarks of LLM assistance, including a placeholder server name, over-engineering with multiple fallback methods, and a "pretty" console output using excessive colors, Huntress said. Once it located the domain controller, the script harvested Active Directory users, computers, groups, and trusts, compiling the data into spreadsheets and generating an HTML report. The intrusion itself followed a familiar pattern: the attacker used stolen credentials to log in via RDP, staged tools in a common Windows folder, and then ran the AI-generated script for network reconnaissance. Data exfiltration was handled using legitimate cloud tools.The primary challenge for defenders is detection, as the unique, one-off nature of the AI-generated script renders traditional signature-based antivirus methods ineffective. This trend highlights the need for behavioral analytics to detect underlying malicious actions rather than relying on known malware signatures.Source: Infosecurity Magazine
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds




