Tag: Cyber Security

Oct 09, 2025Ravie LakshmananArtificial Intelligence / Malware

Russian hackers’ adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country’s State Service for Special Communications and Information Protection (SSSCIP) said.

“Hackers now employ it not only to generate phishing messages, but some of the malware samples we have analyzed show clear signs of being generated with AI – and attackers are certainly not going to stop there,” the agency said in a report published Wednesday.

SSSCIP said 3,018 cyber incidents were recorded during the time period, up from 2,575 in the second half of 2024 (H2 2024). Local authorities and military entities witnessed an increase in attacks compared to H2 2024, while those targeting government and energy sectors declined.

One notable attack observed involved UAC-0219’s use of malware called WRECKSTEEL in attacks aimed at state administration bodies and critical infrastructure facilities in the country. There is evidence to suggest that the PowerShell data-stealing malware was developed using AI tools.

Some of the other campaigns registered against Ukraine are listed below –

• Phishing campaigns orchestrated by UAC-0218 targeting defense forces to deliver HOMESTEEL using booby-trapped RAR archives
• Phishing campaigns orchestrated by UAC-0226 targeting organizations involved in the development of innovations in the defense industrial sector, local government bodies, military units, and law enforcement agencies to distribute a stealer called GIFTEDCROOK
• Phishing campaigns orchestrated by UAC-0227 targeting local authorities, critical infrastructure facilities, and Territorial Recruitment and Social Support Centers (TRCs and SSCs) that leverage ClickFix-style tactics or SVG file attachments to distribute stealers like Amatera Stealer and Strela Stealer
• Phishing campaigns orchestrated by UAC-0125, a sub-cluster with ties to Sandworm, that sent email messages containing links to a website masquerading as ESET to deliver a C#-based backdoor named Kalambur (aka SUMBUR) under the guise of a threat removal program

SSSCIP said it also observed the Russia-linked APT28 (aka UAC-0001) actors weaponizing cross-site scripting flaws in Roundcube and (CVE-2023-43770, CVE-2024-37383, and CVE-2025-49113) and Zimbra (CVE-2024-27443 and CVE-2025-27915) webmail software to conduct zero-click attacks.

“When exploiting such vulnerabilities, attackers typically injected malicious code that, through the Roundcube or Zimbra API, gained access to credentials, contact lists, and configured filters to forward all emails to attacker-controlled mailboxes,” SSSCIP said.

“Another method of stealing credentials using these vulnerabilities was to create hidden HTML blocks (visibility: hidden) with login and password input fields, where the attribute autocomplete=’on’ was set. This allowed the fields to be auto-filled with data stored in the browser, which was then exfiltrated.”

The agency also revealed that Russia continues to engage in hybrid warfare, synchronizing its cyber operations in conjunction with kinetic attacks on the battlefield, with the Sandworm (UAC-0002) group targeting organizations in the energy, defense, internet service providers, and research sectors.

Furthermore, several threat groups targeting Ukraine have resorted to abusing legitimate services, such as Dropbox, Google Drive, OneDrive, Bitbucket, Cloudflare Workers, Telegram, Telegra.ph, Teletype.in, Firebase, ipfs.io, mocky.io, to host malware or phishing pages, or turn them into a data exfiltration channel.

“The use of legitimate online resources for malicious purposes is not a new tactic,” SSSCIP said. “However, the number of such platforms exploited by Russian hackers has been steadily increasing in recent times.”

Oct 09, 2025Ravie LakshmananVulnerability / Website Security

Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites.

The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the Service Finder theme. It was discovered by a researcher who goes by the name Foxyyy.

“This vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site, including accounts with the ‘administrator’ role,” Wordfence researcher István Márton said.

The problem, at its core, is a case of privilege escalation stemming from authentication bypass due to the plugin not adequately validating a user’s cookie value before logging them in through an account switching function (service_finder_switch_back()).

As a result, an unauthenticated attacker could take advantage of this behavior to sign in to the site as any user, including administrators, effectively hijacking the site and using it for nefarious purposes, such as inserting malicious code to redirect users to fake sites or use it to host malware.

The shortcoming affects all versions of the theme prior to and including 6.0. It was addressed by the plugin maintainers on July 17, 2025, with the release of version 6.1. The theme has been sold to more than 6,100 customers, per data from Envato Market.

The WordPress security company said it has observed exploitation activity targeting CVE-2025-5947 since August 1, 2025, with over 13,800 attempts detected to date. However, the success rate of these efforts is currently not clear.

The following IP addresses have been observed targeting the Service Finder Bookings plugin account switching function –

• 5.189.221.98
• 185.109.21.157
• 192.121.16.196
• 194.68.32.71
• 178.125.204.198

Administrators are recommended to audit their sites for any signs of suspicious activity and ensure all the plugins and themes are running the latest version.

Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites.

“Site visitors get injected content that was drive-by malware like fake Cloudflare verification,” Sucuri researcher Puja Srivastava said in an analysis published last week.

The website security company said it began an investigation after one of its customer’s WordPress sites served suspicious third-party JavaScript to site visitors, ultimately finding that the attackers introduced malicious modifications to a theme-related file (“functions.php”).

The code inserted into “functions.php” incorporates references to Google Ads, likely in an attempt to evade detection. But, in reality, it functions as a remote loader by sending an HTTP POST request to the domain “brazilc[.]com,” which, in turn, responds with a dynamic payload that includes two components –

• A JavaScript file hosted on a remote server (“porsasystem[.]com”), which, as of writing, has been referenced on 17 websites and contains code to perform site redirects
• A piece of JavaScript code that creates a hidden, 1×1 pixel iframe, within which it injects code that mimics legitimate Cloudflare assets like “cdn-cgi/challenge-platform/scripts/jsd/main.js” – an API that’s a core part of its bot detection and challenge platform

It’s worth noting that the domain “porsasystem[.]com” has been flagged as part of a traffic distribution system (TDS) called Kongtuke (aka 404 TDS, Chaya_002, LandUpdate808, and TAG-124).

According to information shared by an account named “monitorsg” on Mastodon on September 19, 2025, the infection chain starts with users visiting a compromised site, resulting in the execution of “porsasystem[.]com/6m9x.js,” which then leads to “porsasystem[.]com/js.php” to eventually take the victims to ClickFix-style pages for malware distribution.

The findings illustrate the need for securing WordPress sites and ensuring that plugins, themes, and website software are kept up-to-date, enforcing strong passwords, scanning the sites for anomalies and unexpected administrator accounts created for maintaining persistent access even after the malware is detected and removed.

“This tool allows threat actors to create highly customizable phishing pages that mimic the challenge-response behavior of a browser verification page commonly deployed by Content Delivery Networks (CDNs) and cloud security providers to defend against automated threats,” security researcher Amer Elsad said. “The spoofed interface is designed to appear legitimate to victims, increasing the effectiveness of the lure.”

The bespoke phishing pages also come with capabilities to manipulate the clipboard, a crucial step in the ClickFix attack, as well as detect the operating system used in order to tailor the infection sequence and serve compatible malware.

In at least two different cases, threat actors have been detected using pages generated using the kit to deploy information stealers such as DeerStealer and Odyssey Stealer, the latter of which is designed to target Apple macOS systems.

The emergence of the IUAM ClickFix Generator adds to a prior alert from Microsoft warning of a rise in commercial ClickFix builders on underground forums since late 2024. Another notable example of a phishing kit that has integrated the offering is Impact Solutions.

“The kits offer creation of landing pages with a variety of available lures, including Cloudflare,” Microsoft noted back in August 2025. “They also offer construction of malicious commands that users will paste into the Windows Run dialog. These kits claim to guarantee antivirus and web protection bypass (some even promise that they can bypass Microsoft Defender SmartScreen), as well as payload persistence.”

It goes without saying that these tools further lower the barrier to entry for cybercriminals, enabling them to mount sophisticated, multi-platform attacks at scale without much effort or technical expertise.

ClickFix Becomes Stealthy via Cache Smuggling

The findings also follow the discovery of a new campaign that has innovated on the ClickFix attack formula by employing a sneaky technique referred to as cache smuggling to fly under the radar as opposed to explicitly downloading any malicious files on the target host.

“This campaign differs from previous ClickFix variants in that the malicious script does not download any files or communicate with the internet,” Expel Principal Threat Researcher Marcus Hutchins said. “This is achieved by using the browser’s cache to pre-emptively store arbitrary data onto the user’s machine.”

In the attack documented by the cybersecurity company, the ClickFix-themed page masquerades as a Fortinet VPN Compliance Checker, using FileFix tactics to deceive users into launching the Windows File Explorer and pasting a malicious command into the address bar to trigger the execution of the payload.

The invisible command is designed to run a PowerShell script via conhost.exe. What makes the script stand apart is that it does not download any additional malware or communicate with an attacker-controlled server. Instead, it executes an obfuscated payload that passes off as a JPEG image and is already cached by the browser when the user lands on the phishing page.

“Neither the web page nor the PowerShell script explicitly downloads any files,” Hutchins explained. “By simply letting the browser cache the fake ‘image,’ the malware is able to get an entire zip file onto the local system without the PowerShell command needing to make any web requests.”

“The implications of this technique are concerning, as cache smuggling may offer a way to evade protections that would otherwise catch malicious files as they are downloaded and executed. An innocuous-looking ‘image/jpeg’ file is downloaded, only to have its contents extracted and then executed via a PowerShell command hidden in a ClickFix phishing lure.”

Oct 08, 2025Ravie LakshmananMalware / Threat Intelligence

Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets.

The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log injection) to plant a web shell on a web server.

“This allowed the threat actor to control the web server using ANTSWORD, before ultimately deploying Nezha, an operation and monitoring tool that allows commands to be run on a web server,” researchers Jai Minton, James Northey, and Alden Schmidt said in a report shared with The Hacker News.

In all, the intrusion is said to have likely compromised more than 100 victim machines, with a majority of the infections reported in Taiwan, Japan, South Korea, and Hong Kong.

The attack chain pieced together by Huntress shows that the attackers, described as a “technically proficient adversary,” leveraged a publicly exposed and vulnerable phpMyAdmin panel to obtain initial access, and then set the language to simplified Chinese.

The threat actors have been subsequently found to access the server SQL query interface and run various SQL commands in quick succession in order to drop a PHP web shell in a directory accessible over the internet after ensuring that the queries are logged to disk by enabling general query logging.

“They then issued a query containing their one-liner PHP web shell, causing it to be recorded in the log file,” Huntress explained. “Crucially, they set the log file’s name with a .php extension, allowing it to be executed directly by sending POST requests to the server.”

The access afforded by the ANTSWORD web shell is then used to run the “whoami” command to determine the privileges of the web server and deliver the open-source Nezha agent, which can be used to remotely commandeer an infected host by connecting to an external server (“c.mid[.]al”).

An interesting aspect of the attack is that the threat actor behind the operation has been running their Nezha dashboard in Russian, with over 100 victims listed across the world. A smaller concentration of victims is scattered across Singapore, Malaysia, India, the U.K., the U.S., Colombia, Laos, Thailand, Australia, Indonesia, France, Canada, Argentina, Sri Lanka, the Philippines, Ireland, Kenya, and Macao, among others.

The Nezha agent enables the next stage of the attack chain, facilitating the execution of an interactive PowerShell script to create Microsoft Defender Antivirus exclusions and launch Gh0st RAT, a malware widely used by Chinese hacking groups. The malware is executed by means of a loader that, in turn, runs a dropper responsible for configuring and starting the main payload.

“This activity highlights how attackers are increasingly abusing new and emerging publicly available tooling as it becomes available to achieve their goals,” the researchers said.

“Due to this, it’s a stark reminder that while publicly available tooling can be used for legitimate purposes, it’s also commonly abused by threat actors due to the low research cost, ability to provide plausible deniability compared to bespoke malware, and likelihood of being undetected by security products.”

Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape.

The coalition is seen as an attempt on the part of the financially motivated threat actors to conduct more effective ransomware attacks, ReliaQuest said in a report shared with The Hacker News.

“Announced shortly after LockBit’s return, the collaboration is expected to facilitate the sharing of techniques, resources, and infrastructure, strengthening each group’s operational capabilities,” the company noted in its ransomware report for Q3 2025.

“This alliance could help restore LockBit’s reputation among affiliates following last year’s takedown, potentially triggering a surge in attacks on critical infrastructure and expanding the threat to sectors previously considered low risk.”

The partnership with Qilin is no surprise, given that it has become the most active ransomware group in recent months, claiming a little over 200 victims in Q3 2025 alone.

“In Q3 2025, Qilin disproportionately targeted North America-based organizations,” ZeroFox said in its Q3 2025 Ransomware Wrap-Up report. “Qilin’s operational tempo began to increase significantly in Q4 2024, when the collective conducted at least 46 attacks.”

The development coincides with the emergence of LockBit 5.0, which is equipped to target Windows, Linux, and ESXi systems. The latest iteration was first advertised on September 3, 2025, on the RAMP darknet forum on the sixth anniversary of the affiliate program.

LockBit was dealt a massive blow in early 2024 following a law enforcement operation dubbed Cronos that seized its infrastructure and led to the arrest of some of its members. At its peak, the group is estimated to have targeted over 2,500 victims worldwide and received more than $500 million in ransom payments.

“If the group manages to rebuild its trust among affiliates, it could reemerge as a dominant ransomware threat, driven by financial motives and by a desire for revenge against law enforcement crackdowns,” ReliaQuest said.

R&DE incidents by week in Q3 2025

The return of LockBit and its alliance comes as the threat actor known as Scattered Spider appears to be gearing up to launch its own ransomware-as-a-service (RaaS) program called ShinySp1d3r, making it the first such service by an English-speaking extortion crew.

ReliaQuest said it’s tracking a total of 81 data leak sites, a significant jump from 51 reported in early 2024. Companies in the professional, scientific, and technical services sector account for the largest number of victims during the time period, surpassing 375.

Manufacturing, construction, healthcare, finance and insurance, retail, accommodation and food services, education, arts and entertainment, information, and real estate are some of the other commonly affected sectors.

Another noteworthy trend is the spike in ransomware attacks targeting countries like Egypt, Thailand, and Colombia, indicating that threat actors are expanding beyond “traditional hotspots” such as Europe and the U.S. to evade law enforcement scrutiny. The vast majority of the victims listed on data leak sites are based in the U.S., Germany, the U.K., Canada, and Italy.

According to data from ZeroFox, there have been a total of at least 1,429 separate ransomware and digital extortion (R&DE) incidents in Q3 2025, down from 1,961 incidents observed in Q1 2025. Qilin, Akira, INC Ransom, Play, and SafePay have been found to be responsible for approximately 47 percent of all global R&DE attacks in Q2 and Q3 2025.

“The disproportionate targeting of North America-based entities can be partly attributed to the geopolitical motivations and ideological beliefs of financially motivated threat collectives fueled by opposition to ‘Western’ political and social narratives,” the company said.

“North America hosts a wide variety of robust industries that comprise substantial and fast-growing digital attack surfaces. The widespread integration of technologies such as cloud networking services and Internet of Things devices contributes to the accessibility of North American assets.”

Oct 08, 2025Ravie LakshmananVulnerability / Software Security

Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution.

The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can send arbitrary system commands.

“The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces the possibility of shell metacharacter injection (|, >, &&, etc.),” according to a GitHub advisory for the flaw. “Successful exploitation can lead to remote code execution under the server process’s privileges.”

Given that the Framelink Figma MCP server exposes various tools to perform operations in Figma using artificial intelligence (AI)-powered coding agents like Cursor, an attacker could trick the MCP client to execute unintended actions by means of an indirect prompt injection.

Cybersecurity company Imperva, which discovered and reported the problem in July 2025, described CVE-2025-53967 as a “design oversight” in the fallback mechanism that could allow bad actors to achieve full remote code execution, putting developers at risk of data exposure.

The command injection flaw “occurs during the construction of a command-line instruction used to send traffic to the Figma API endpoint,” security researcher Yohann Sillam said.

The exploitation sequence takes place over through steps –

• The MCP client sends an Initialize request to the MCP endpoint to receive an mcp-session-id that’s used in subsequent communication with the MCP server
• The client sends a JSONRPC request to the MCP server with the method tools/call to call tools like get_figma_data or download_figma_images

“Because the curl command is constructed by directly interpolating URL and header values into a shell command string, a malicious actor could craft a specially designed URL or header value that injects arbitrary shell commands,” Imperva said. “This could lead to remote code execution (RCE) on the host machine.”

In a proof-of-concept attack, a remote bad actor on the same network (e.g., a public Wi-Fi or a compromised corporate device) can trigger the flaw by sending the series of requests to the vulnerable MCP. Alternatively, the attacker could trick a victim into visiting a specially crafted site as part of a DNS rebinding attack.

The vulnerability has been addressed in version 0.6.3 of figma-developer-mcp, which was released on September 29, 2025. As mitigations, it’s advisable to avoid using child_process.exec with untrusted input and switch to child_process.execFile that eliminates the risk of shell interpretation.

“As AI-driven development tools continue to evolve and gain adoption, it’s essential that security considerations keep pace with innovation,” the Thales-owned company said. “This vulnerability is a stark reminder that even tools meant to run locally can become powerful entry points for attackers.”

The development comes as FireTail revealed that Google has opted not to fix a new ASCII smuggling attack in its Gemini AI chatbot that could be weaponized to craft inputs that can slip through security filters and induce undesirable responses. Other large language models (LLMs) susceptible to this attack are DeepSeek and xAI’s Grok.

“And this flaw is particularly dangerous when LLMs, like Gemini, are deeply integrated into enterprise platforms like Google Workspace,” the company said. “This technique enables automated identity spoofing and systematic data poisoning, turning a UI flaw into a potential security nightmare.”

Oct 08, 2025The Hacker NewsPassword Security / Cyber Attacks

Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped.

Attackers don’t need advanced tools; they just need one careless login.

For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak.

This Halloween, The Hacker News and Specops Software invite you to a live webinar: “Cybersecurity Nightmares: Tales from the Password Graveyard” — a chilling reality check every IT leader needs.

You’ll explore real-world password breaches, why traditional password policies fail, and how new tools can help you stop attacks before they happen.

💀 What You’ll Learn

• Real breach stories and the lessons behind them.
• Why complexity alone doesn’t protect your users.
• How Specops blocks breached passwords in real time.
• A live demo of creating stronger, compliant, user-friendly policies.
• A simple three-step plan for IT leaders to eliminate password risks fast.

👉 Register now to join the live demo and get your action plan.

🕸️ Make Passwords Secure — and Simple

Poor password management doesn’t just create risk — it wastes time and hurts productivity. Specops helps IT teams strengthen security without adding friction for users.

Join this session to learn how to:

• Cut helpdesk resets.
• Meet compliance requirements.
• Stop credential-based attacks for good.

🎃 Sign up today and end your password nightmares once and for all.

Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. Cybercriminals are using AI-powered tools to accelerate and automate attacks at a scale defenders have never faced before. Security teams are overwhelmed by an explosion of vulnerability data, tool outputs, and alerts, all while operating with finite human resources. The irony is that while AI has become a dominant theme in cybersecurity, many enterprises still struggle to apply it effectively within their programs.

The problem isn’t access to information, as teams already have more data than they can process. It’s cutting through the noise and focusing on what truly matters. AI is crucial here. Not only can it make security teams more efficient, it can generate insights that would be impossible to gather at scale or in real time without machine assistance. If adversaries are already weaponizing AI, then defenders must embed it into their strategies as well or risk falling further behind in a fight that is moving faster every day.

Where to Embed AI to Deliver the Most Impact

To keep pace with adversaries, defenders should focus on these key areas where AI provides the greatest advantage:

• Deduplication and correlation: Cut through redundant data to create a trusted view of risk.
• Prioritization: Ensure limited resources are spent on the exposures that matter most.
• The intelligence layer: Augment human judgment with context, simulations, and recommendations.

Together, these elements form the foundation of an AI-driven exposure management strategy to enable organizations to reduce risk continuously rather than reactively.

Security tools are quickly developing AI to enhance decisions and analysis. When evaluating solutions, choose those with proven investment in AI and a clear vision for expansion. PlexTrac, the Pentest Report Automation & Threat Exposure Management platform, introduced AI in 2024 and is actively expanding its use to help teams manage their centralized data across the vulnerability lifecycle.

Deduplication and Correlation: Creating a Clean Risk Picture

One of the biggest obstacles security teams face isn’t the absence of tools, but the overload they create. Multiple scanners, asset inventories, and threat feeds often surface the same vulnerabilities again and again. Duplicate findings create noise, slow remediation, and make it nearly impossible to see a clean picture of risk. Analysts often spend more time reconciling conflicting data than actually reducing exposures, especially when findings are scattered across siloed tools instead of centralized in one place where they can be managed together.

This is where AI can change the game. By normalizing, correlating, and deduplicating millions of records, AI can distill a massive dataset of duplicated vulnerabilities into a single, accurate, and correlated view. This clarity is the foundation for effective risk management. Without it, prioritization is guesswork.

With centralized data management, platforms like PlexTrac already automate parts of this process, and the next step is applying intelligence to ensure teams can rely on the data in front of them, free from noise, duplication, and distraction.

Prioritization: Smarter Risk Prioritization

Once your data is clean, the next challenge is deciding what to fix first. Traditional severity scores, like CVSS, often overwhelm teams with endless lists of “critical” issues. But severity doesn’t always equal risk. AI-driven prioritization blends exploit likelihood, asset exposure, business context, and real-time threat intelligence to surface the exposures that matter and have the highest impact on the business or likeliness of exploitation.

Instead of spreading resources thin, teams can narrow their focus on the vulnerabilities most likely to be exploited.

Platforms like PlexTrac have already released contextual risk-based scoring to prioritize remediation using relevant business context and are investing deeply in this intelligence-first prioritization to help organizations align security decisions directly with business outcomes.

The Intelligence Layer: Augment Human Analysis

The future of AI in cybersecurity isn’t about replacing analysts, but empowering them. AI can recommend areas of focus, surface potential exploits based on active threats, simulate attack scenarios, and enrich risk scores with live threat data. Analysts still make the calls, but with far more guidance, context, and confidence.

This “intelligence layer” bridges automation and human judgment to help teams shift from reactive compliance to business-aligned defense.

Platforms like PlexTrac are building toward this future, where defenders gain an edge not just in efficiency but in foresight.

Fight Back Against AI: Turn Data Into Defense

AI-powered deduplication and prioritization are the levers that determine whether organizations stay buried in noise or achieve measurable risk reduction. With adversaries already weaponizing AI, defenders must embed it into their strategies now.

Done responsibly, AI transforms the flood of security data into actionable insight, allowing teams to cut through chaos, focus resources, and fight back against attackers who are already wielding AI as a weapon.

As adversaries advance cyberattacks with AI, platforms like PlexTrac are investing heavily in advancing AI-driven capabilities to cut through noise, prioritize what matters, and reduce risk. See it in action by requesting a demo today.

OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development.

This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The operator also used several ChatGPT accounts to prototype and troubleshoot technical components that enable post‑exploitation and credential theft.

“These accounts appear to be affiliated with Russian-speaking criminal groups, as we observed them posting evidence of their activities in a Telegram channel dedicated to those actors,” OpenAI said.

The AI company said while its large language models (LLMs) refused the threat actor’s direct requests to produce malicious content, they worked around the limitation by creating building-block code, which was then assembled to create the workflows.

Some of the produced output involved code for obfuscation, clipboard monitoring, and basic utilities to exfiltrate data using a Telegram bot. It’s worth pointing out that none of these outputs are inherently malicious on their own.

“The threat actor made a mix of high‑ and lower‑sophistication requests: many prompts required deep Windows-platform knowledge and iterative debugging, while others automated commodity tasks (such as mass password generation and scripted job applications),” OpenAI added.

“The operator used a small number of ChatGPT accounts and iterated on the same code across conversations, a pattern consistent with ongoing development rather than occasional testing.”

The second cluster of activity originated from North Korea and shared overlaps with a campaign detailed by Trellix in August 2025 that targeted diplomatic missions in South Korea using spear-phishing emails to deliver Xeno RAT.

OpenAI said the cluster used ChatGPT for malware and command-and-control (C2) development, and that the actors engaged in specific efforts such as developing macOS Finder extensions, configuring Windows Server VPNs, or converting Chrome extensions to their Safari equivalents.

The third set of banned accounts, OpenAI noted, shared overlaps with a cluster tracked by Proofpoint under the name UNK_DropPitch (aka UTA0388), a Chinese hacking group which has been attributed to phishing campaigns targeting major investment firms with a focus on the Taiwanese semiconductor industry, with a backdoor dubbed HealthKick (aka GOVERSHELL).

The accounts used the tool to generate content for phishing campaigns in English, Chinese, and Japanese; assist with tooling to accelerate routine tasks such as remote execution and traffic protection using HTTPS; and search for information related to installing open-source tools like nuclei and fscan. OpenAI described the threat actor as “technically competent but unsophisticated.”

Outside of these three malicious cyber activities, the company also blocked accounts used for scam and influence operations –

• Networks likely originating in Cambodia, Myanmar, and Nigeria are abusing ChatGPT as part of likely attempts to defraud people online. These networks used AI to conduct translation, write messages, and to create content for social media to advertise investment scams.
• Individuals apparently linked to Chinese government entities using ChatGPT to assist in surveilling individuals, including ethnic minority groups like Uyghurs, and analyzing data from Western or Chinese social media platforms. The users asked the tool to generate promotional materials about such tools, but did not use the AI chatbot to implement them.
• A Russian-origin threat actor linked to Stop News and likely run by a marketing company that used its AI models (and others) to generate content and videos for sharing on social media sites. The generated content criticized the role of France and the U.S. in Africa and Russia’s role on the continent. It also produced English-language content promoting anti-Ukraine narratives.
• A covert influence operation originating from China, codenamed “Nine—emdash Line” that used its models to generate social media content critical of the Philippines’ President Ferdinand Marcos, as well as create posts about Vietnam’s alleged environmental impact in the South China Sea and political figures and activists involved in Hong Kong’s pro-democracy movement.

In two different cases, suspected Chinese accounts asked ChatGPT to identify organizers of a petition in Mongolia and funding sources for an X account that criticized the Chinese government. OpenAI said its models returned only publicly available information as responses and did not include any sensitive information.

“A novel use for this [China-linked influence network was requests for advice on social media growth strategies, including how to start a TikTok challenge and get others to post content about the #MyImmigrantStory hashtag (a widely used hashtag of long standing whose popularity the operation likely strove to leverage),” OpenAI said.

“They asked our model to ideate, then generate a transcript for a TikTok post, in addition to providing recommendations for background music and pictures to accompany the post.”

OpenAI reiterated that its tools provided the threat actors with novel capabilities that they could not otherwise have obtained from multiple publicly available resources online, and that they were used to provide incremental efficiency to their existing workflows.

But one of the most interesting takeaways from the report is that threat actors are trying to adapt their tactics to remove possible signs that could indicate that the content was generated by an AI tool.

“One of the scam networks [from Cambodia] we disrupted asked our model to remove the em-dashes (long dash, –) from their output, or appears to have removed the em-dashes manually before publication,” the company said. “For months, em-dashes have been the focus of online discussion as a possible indicator of AI usage: this case suggests that the threat actors were aware of that discussion.”

The findings from OpenAI come as rival Anthropic released an open-source auditing tool called Petri (short for “Parallel Exploration Tool for Risky Interactions”) to accelerate AI safety research and better understand model behavior across various categories like deception, sycophancy, encouragement of user delusion, cooperation with harmful requests, and self-perseveration.

“Petri deploys an automated agent to test a target AI system through diverse multi-turn conversations involving simulated users and tools,” Anthropic said.

“Researchers give Petri a list of seed instructions targeting scenarios and behaviors they want to test. Petri then operates on each seed instruction in parallel. For each seed instruction, an auditor agent makes a plan and interacts with the target model in a tool use loop. At the end, a judge scores each of the resulting transcripts across multiple dimensions so researchers can quickly search and filter for the most interesting transcripts.”

Oct 07, 2025Ravie LakshmananMalware / Threat Intelligence

A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot.

“The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents,” Aryaka Threat Research Labs researchers Aditya K Sood and Varadharajan K said in a report shared with The Hacker News. “When opened, these lures trigger the infection chain of a Go-based malware.”

The attack chains, per the cybersecurity company, leverage ZIP archives containing decoy PDF documents along with malicious shortcut (LNK) or executable files that are masked as PDF to trick users into opening them. When launched, the LNK file runs an embedded PowerShell script that reaches out to an external server to download a lure document, a PDF for a marketing job at Marriott.

The PowerShell script also downloads from the same server a ZIP file that includes files related to XtraViewer, a remote desktop connection software, and executes it likely with an aim to establish persistent access to compromised hosts.

Victims who end up clicking on a link in the lure PDF to supposedly “preview” the job description are directed to another landing page that serves a fake error message stating the browser is unsupported and that “the page only supports downloads on Microsoft Edge.”

“When the user clicks the OK button, Chrome simultaneously blocks the redirect,” Aryaka said. “The page then displays another message instructing the user to copy the URL and open it in the Edge browser to download the file.”

The instruction on the part of the attacker to get the victim to use Edge as opposed to, say, Google Chrome or other web browsers is likely down to the fact that scripted pop-ups and redirects are likely blocked by default, whereas manually copying and pasting the URL on Edge allows the infection chain to continue, as it’s treated as a user-initiated action.

The executable is a Golang malware dubbed Vampire Bot that can profile the infected host, steal a wide range of information, capture screenshots at configurable intervals, and maintain communication with an attacker-controlled server (“api3.samsungcareers[.]work”) to run commands or fetch additional payloads.

BatShadow’s links to Vietnam stem from the use of an IP address (103.124.95[.]161) that has been previously flagged as used by hackers with links to the country. Furthermore, digital marketing professionals have been one of the main targets of attacks perpetrated by various Vietnamese financially motivated groups, who have a track record of deploying stealer malware to hijack Facebook business accounts.

In October 2024, Cyble also disclosed details of a sophisticated multi-stage attack campaign orchestrated by a Vietnamese threat actor that targeted job seekers and digital marketing professionals with Quasar RAT using phishing emails containing booby-trapped job description files.

BatShadow is assessed to be active for at least a year, with prior campaigns using similar domains, such as samsung-work.com, to propagate malware families including Agent Tesla, Lumma Stealer, and Venom RAT.

“The BatShadow threat group continues to employ sophisticated social engineering tactics to target job seekers and digital marketing professionals,” Aryaka said. “By leveraging disguised documents and a multi-stage infection chain, the group delivers a Go-based Vampire Bot capable of system surveillance, data exfiltration, and remote task execution.”