Microsoft and OpenAI worked together to take down five state-affiliated malicious actors that were using AI services. These actors, named Charcoal Typhoon, Salmon Typhoon, Crimson Sandstorm, Emerald Sleet, and Forest Blizzard, used the services for various malicious activities.
Charcoal Typhoon was researching companies and cybersecurity tools, debugging code, and creating content for phishing campaigns. Salmon Typhoon was translating technical papers, retrieving information on intelligence agencies, and researching ways processes could be hidden on a system. Crimson Sandstorm used AI for scripting support, creating content for spear-phishing campaigns, and researching ways malware could evade detection. Emerald Sleet used AI to understand vulnerabilities, identify experts and organizations in defense, and create content for phishing campaigns. Forest Blizzard primarily used AI for open-source research into satellite communication protocols and radar imaging technology.
More technical details on the threat actors’ activities can be found in Microsoft’s blog post. The activities of these actors align with previous red team assessments, which found that AI offers limited capabilities for malicious cybersecurity tasks.