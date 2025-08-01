Detecting and responding to these threats presents a Herculean task: cut off one head of the hydra and two more grow to replace it. Today, threat actors are weaponizing AI to make their attacks more efficient. OpenAI has even banned ChatGPT accounts linked to nation-state threats.

In the shadow of Chinese cyberattacks, cybersecurity professionals need to stay pragmatic. Organizations must take responsibility for their own cybersecurity and compliance programs. That means understanding the nature of the threats they face, evaluating how to mitigate AI-enabled cyberattacks with AI-enabled tools, and adopting a more proactive approach with preemptive protection.

The attribution of APTs, such as Volt Typhoon and Salt Typhoon, is useful for understanding the motives of those responsible for these campaigns. However, cybersecurity pros should not overlook the tactics, techniques and procedures (TTPs) of these APTs and their associated indicators of compromise (IOCs).

Historically, CISA has proven a vital resource for understanding these nuances. The modus operandi of Volt Typhoon includes extensive reconnaissance of network architectures, initial access targeting the vulnerabilities of public-facing network appliances, and a variety of living-off-the-land (LOTL) techniques to evade detection and establish persistence. Salt Typhoon has exhibited similar behavior by targeting vulnerable networking devices and using LOTL techniques.

The success of these attacks reveals an unsettling reality. Many organizations still have exposures, such as vulnerable assets or misconfigured services, and they struggle to detect the malicious use of legitimate system tools and processes.

Savvy cybersecurity teams realize that even the latest and greatest cybersecurity tools cannot stop these attacks without a focus on fundamentals. To enhance these efforts, a focus on compliance and common security frameworks (CSF), such as NIST 800-53, can provide an effective basis for establishing a secure foundation, such as developing an asset inventory and a vulnerability management program.

The OpenAI report echoes conversations I’ve had with cybersecurity executives. Threat actors are leveraging AI to conduct their attacks with greater efficiency and effectiveness. Security teams need to match their pace.

OpenAI found that Chinese nation-state hackers are leveraging AI to conduct social engineering campaigns and optimize malicious code. Google has demonstrated that AI can discover zero-day vulnerabilities, serving as a proof-of-concept for Chinese threat actors.

China may also use AI to automate its reconnaissance and cyberattacks. AI tools can continuously scan networks for vulnerabilities and execute attacks without human intervention, or identify targets where attacks are unlikely to be detected.

All of these capabilities map back to common TTPs of Volt Typhoon and Salt Typhoon, which underscores why it is so important to preemptively remediate the exposures they target.

Chinese APTs have been emboldened by the success of their cyberattacks on critical infrastructure and are actively integrating AI into their campaigns. Despite the ChatGPT ban, Chinese threat actors can easily pivot to using other AI models.

It’s essential that security teams shift toward preemptive protection and adoption of AI-enabled tools of their own. Real-time visibility can help organizations identify their blind spots and close gaps across their IT, OT and cloud environments. Continuous monitoring can identify risks as they are discovered, from emerging vulnerabilities to unmanaged assets.

Predictive AI models can detect threats in real time, including the malicious behavior indicative of LOTL techniques. These are the common TTPs of Chinese APTs, so addressing them head-on will bolster defense against them.

If Hercules could only defeat the hydra by closing its wounds before new heads could grow, security teams can only defeat these threats by severing their connections so they can’t come back. The only way to know they are truly gone: leverage AI-enabled real-time visibility and continuous monitoring.

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.