Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
Security IT

Chinese Hackers Used Anthropic's AI To Automate Cyberattacks (msn.com) 15

Posted by msmash from the PSA dept.
China's state-sponsored hackers used AI technology from Anthropic to automate break-ins of major corporations and foreign governments during a September hacking campaign, the company said Thursday. From a report: The effort focused on dozens of targets and involved a level of automation that Anthropic's cybersecurity investigators had not previously seen, according to Jacob Klein, the company's head of threat intelligence.

Hackers have been using AI for years now to conduct individual tasks such as crafting phishing emails or scanning the internet for vulnerable systems, but in this instance 80% to 90% of the attack was automated, with humans only intervening in a handful of decision points, Klein said.

The hackers conducted their attacks "literally with the click of a button, and then with minimal human interaction," Klein said. Anthropic disrupted the campaigns and blocked the hackers' accounts, but not before as many as four intrusions were successful. In one case, the hackers directed Anthropic's Claude AI tools to query internal databases and extract data independently.

Chinese Hackers Used Anthropic's AI To Automate Cyberattacks More | Reply

Chinese Hackers Used Anthropic's AI To Automate Cyberattacks

Comments Filter:

  • Are they sure the hackers are state-sponsored (and Chinese)?
    msn.com won't work for me - something I have no problems with - so I can't RTFA but this appears to be too blatant for them. Russia, yes, North Korea, yes.

    • The article states: "Anthropic said it was confident, based on the digital infrastructure the hackers used as well as other clues, that the attacks were run by Chinese state-backed hackers."

      • The article states: "Anthropic said it was confident, based on the digital infrastructure the hackers used as well as other clues, that the attacks were run by Chinese state-backed hackers."

        TFS/A also seems to be hell bent in injecting AI into the hacking discussion, on behalf of AI and sponsored by AI.

        Hackers have been using AI for years now to conduct individual tasks such as crafting phishing emails or scanning the internet for vulnerable systems.

        Knowing what the nmap command is and using a textfile of email addresses to create a d-list to send the latest Nigerian Prince bullshit, isn't exactly what we should be calling AI bragware. Even for the Toddler AI we have today. Smells more like the kind of script based shitware we've seen for decades, long before AI escaped the pages of science fiction to pretend to be what we have today.

        The hackers conducted their attacks “literally with the click of a button, and then with minimal human interaction,”

        Uh,

    • Re: (Score:2)

      by shanen ( 462549 )

      I can actually buy the Subject: theory on the grounds of "cheap training" for "hackers" at the "script kiddy" level. Some of them may learn and graduate to higher levels of hackery, while the others will "serve the cause" by creating more noise for the "good guys" to try and filter out.

      I'm not trying to scare anyone with all the scare quotes. It's just that so many words and ideas are under attack these days that I'm feeling like I should try to get in front of the mostly likely points of (mostly deliberate

    • I would like to evidence before pinning this on China. Could be Canadians with a Chinese proxy.

    • Of course you realize that attribution can be challenging in the cyber world. Which is exactly why state actors like it, especially when they can use 'grey' operators such as criminal groups as proxies. There won't be a smoking gun, 100% incontrovertible evidence pointing directly at the culprit. Whereas when you launch a physical rocket from a country to another, it it is generally easier show where it came from.

      However - I said challenging, not impossible.

      The Pyramid of Pain model in threat hunting addres

  • China's state-sponsored hackers doing high volume high quality hacking : not even news.

    Using AI to help in crafting phishing emails - makes perfect sense. Often the weakest part of campaigns in the past.

    Using AI for scanning the internet for vulnerable systems - now *this* is surprising to me - surely tools to do this have been readily available and highly developed for a long time now? How would AI help here?

    • >> How would AI help here?

      I use Anthropic LLM's for coding all the time now, it's amazing what it can do for you with little effort on your part. From the article;

      “The human was only involved in a few critical chokepoints, saying, ‘Yes, continue,’ ‘Don’t continue,’ ‘Thank you for this information,’ ‘Oh, that doesn’t look right, Claude, are you sure?’”

      It asks me things like that several times a day. I definitely have to put the rei

  • There are no profitable AND legal use-cases for any product being described as "AI". These tools have been industry-facing for a decade. Companies have been using them to fill their platforms with fake content and fake accounts. Fake accounts and automated attacks are their only use-case. Our entire economy is now based on the sale of tools to transnational organized crime syndicates.

    Every company in this field should be facing RICO charges. Microsoft, NVidia, Google and Twitter are massive, ongoing crimi
  • There needs to be some formal rules set in place such that if you do not abide by them, you are no longer allowed to participate. China, Russia, and N. Korea have two-faced hypocritical governments that take advantage of the world allowing them to speak freely (in the digital realm), yet spend enormous energy ensuring that within their digital walls, you cannot speak freely.
  • The ai capable of such things is present literally at most of 2 'years' tops

Slashdot Top Deals

You have a message from the operator.

Close