The end of perimeter defense: When your own AI tools become the threat actor
Summary
Vitaly Simonovich, a security researcher at Cato Networks, has told VentureBeat that Russian APT28 is actively deploying LLM-powered malware against Ukraine, and that underground platforms are now selling the same capabilities for $250 per month. He added that consumer AI tools can be transformed into malware factories in under six hours, as current safety controls are ineffective at stopping such attacks.
APT28 is thought to have deployed the first real-world instance of LLM-powered malware, called LAMEHUG.
LAMEHUG is being used to probe Ukrainian cyber defences and is designed to query AI models while displaying distracting content to victims.
Simonovich demonstrated that any enterprise AI tool can be converted into a malware development platform in under six hours using an “Immersive World” technique.
This entails creating a fictional narrative around malware development, one that distracts and takes advantage of shortfalls in LLM safety controls while avoiding direct malicious requests.
LAMEHUG is thought to be delivered via phishing emails and can perform system reconnaissance and document harvesting while displaying distracting, and often provocative, content to victims.
Researchers have called on AI companies to increase their security efforts in light of these threats.