AI Chatbots: A National Security Threat?


AI-powered chatbots: the threats to national security are only beginning.

The United Kingdom's National Cyber Security Centre (NCSC) and the US National Security Agency (NSA) have recently issued warnings regarding the potential security threats posed by AI chatbots like ChatGPT. Concerns have arisen due to the accidental leakage of trade secrets or sensitive information through these AI tools. Cybercriminals can exploit AI chatbots to improve phishing attacks, engage in cyber espionage, and deliver targeted malware.


A Samsung employee used ChatGPT to optimize a confidential product design, leaving a trade secret behind. This prompted Samsung to develop machine-learning software for internal use. AI technologies advance rapidly, and their regulation and control become increasingly challenging. The private sector holds much expertise to assess these technologies, which advance faster than policies and organizational reforms in the government.


Some security experts argue that AI can be used to combat AI-powered threats, while others call for regulations to mitigate risks to national security. There have been suggestions to designate AI technologies as dual-use technologies, bringing them under the International Traffic in Arms Regulations (ITAR). This would not prohibit international collaboration or sharing but would require the government to have a say in their use.


US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt.


Iranian hackers breached a US municipal government's system used to publish unofficial election results in 2020, but US cyber soldiers detected and removed them before an attack could be launched. The compromised system was not for casting or counting ballots but for reporting results on a public website. Officials didn't identify the targeted local government, and the hackers could have potentially altered or disrupted the results page without affecting the actual vote counting. The intrusion was identified during a "hunt-forward" mission by the US Cyber Command's Cyber National Mission Force, which then worked with the municipality to respond to the breach. This incident highlights the efforts of US military cyber warriors to prevent election interference similar to the Russian hack-and-leak operation in 2016.


US sanctions Chinese men linked to notorious North Korean hackers.


The US Treasury imposed sanctions on Chinese individuals Wu Huihui and Cheng Hung-man, accusing them of laundering money for North Korea's Lazarus Group, a notorious hacking and cybercrime operation. The two men allegedly laundered virtual currencies stolen by Lazarus operatives through the international financial system, including the US banking sector, for the North Korean government. The Lazarus Group, controlled by Pyongyang's primary intelligence agency, the Reconnaissance General Bureau, has been involved in numerous online thefts, accumulating hundreds of millions of dollars yearly. In 2022 alone, North Korean cyber actors stole an estimated $1.7 billion worth of virtual currency.


China's 'Evasive Panda' Hijacks Software Updates to Deliver Custom Backdoor. 


A Chinese advanced persistent threat (APT) group called Evasive Panda has been hijacking legitimate application update channels for software developed by Chinese companies to deliver custom malware. The campaign has been ongoing for two years, targeting individuals in China and Nigeria to steal credentials and data for cyber-espionage purposes. Researchers at ESET discovered that the legitimate application software component downloaded the MgBot backdoor installers from legitimate URLs and IP addresses during automated updates. The malware is used exclusively by Evasive Panda, making it easier to attribute the activity to the group. Researchers have not yet determined conclusively how the group delivers malware through legitimate software update channels. However, they have narrowed it to two possible scenarios: supply chain compromise or an adversary-in-the-middle (AitM) attack.


Charming Kitten targets critical infrastructure in the US and elsewhere with BellaCiao malware.


The Iranian state-sponsored hacking group Charming Kitten has been identified as responsible for a new series of attacks on critical infrastructure in the United States and other countries. Since 2011, the group has targeted activists, journalists, and organizations in various nations. Microsoft recently linked Charming Kitten to cyberattacks on US critical infrastructure between late 2021 and mid-2022.


According to a Bitdefender report, the group has developed custom malware called BellaCiao to evade detection. The malware is tailored to individual victims, with details such as company names, subdomains, and IP addresses. BellaCiao aims to disable Microsoft Defender and create backdoors for remote access and data exfiltration. Organizations should ensure their systems are well-maintained, use strong and unique passwords, and patch software vulnerabilities.

