HomeWinBuzzer NewsProofpoint Unveils AI-Assisted Cyber Threat by TA547 against German Firms

Proofpoint Unveils AI-Assisted Cyber Threat by TA547 against German Firms

AI-powered emails distribute Rhadamanthys malware in Germany. Hackers use AI tools (like ChatGPT) to create sophisticated PowerShell scripts


experts at Proofpoint have identified a sophisticated email campaign that leveraged artificial intelligence to create a PowerShell script for malware distribution. The campaign, orchestrated by the threat actor TA547, also known as Scully Spider, targeted numerous organizations across Germany, deploying the Rhadamanthys information stealer. This development underscores the growing complexity of cyber threats and the innovative use of AI by cybercriminals.

The Attack Vector: Impersonation and Sophistication

TA547, an initial access broker known for its diverse malware distribution, has shifted its focus towards utilizing the Rhadamanthys modular stealer, a tool that has been actively distributed to various cybercrime groups since September 2022. In their latest operation, the attackers impersonated the Metro cash-and-carry brand to send emails to dozens of German organizations. These emails contained a ZIP archive, password-protected with ‘MAR26', which housed a malicious shortcut file. This file, upon execution, triggered a script that decoded and executed the Rhadamanthys executable directly in memory, a technique that helps avoid detection by not writing to the disk.

The Role of AI in Cyber Attacks

The PowerShell script used in the attack exhibited characteristics that suggest it was generated with the assistance of an artificial intelligence system, such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's Copilot. The presence of specific comments for each component, marked by a pound/hash sign (#), is not typical in scripts written by humans but is common in code produced by solutions. While direct evidence linking the script to an AI-generated origin is elusive, the similarities in structure and content with AI-generated examples provide a strong indication of AI's involvement.

Since the of ChatGPT in late 2022, there has been a noticeable increase in the utilization of AI by cybercriminals for creating more convincing phishing emails, identifying vulnerabilities, and developing phishing pages. Moreover, nation-state actors from countries like , Iran, and Russia have also been reported to leverage generative AI to enhance their cyber operations. In response to the abuse of AI technologies for malicious purposes, has taken steps to block accounts associated with state-sponsored hacker groups, indicating the dual-use nature of AI technologies in cybersecurity.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News