AI as tradecraft: How threat actors operationalize AI

Threat actors, particularly North Korean state-sponsored groups, are increasingly operationalizing AI to accelerate cyberattacks. They leverage generative AI for reconnaissance, social engineering, identity fabrication, and malware development, acting as a force multiplier that reduces technical friction while human operators maintain control over objectives.

Conf: high · Analyzed: 2026-03-06 · reports

Authors: Microsoft Threat Intelligence

Actors: Jasper Sleet, Coral Sleet, Emerald Sleet, Sapphire Sleet, Moonstone Sleet, North Korean IT workers

Source: Microsoft

IOCs · 1

Key Takeaways

  • Threat actors use AI as a force multiplier across the attack lifecycle, accelerating reconnaissance, resource development, and malware generation.
  • North Korean actors (e.g., Jasper Sleet, Coral Sleet) heavily leverage AI for identity fabrication, deepfakes, and social engineering to secure remote IT jobs.
  • AI is actively used to accelerate malware development, leaving distinct artifacts like emojis and conversational comments in the code.
  • Emerging trends include threat actor experimentation with agentic AI workflows and AI recommendation poisoning.
  • Defenders must shift from static indicators to behavioral signals to detect AI-generated phishing, domains, and malware.

Affected Systems

  • Enterprise AI Systems
  • Microsoft 365
  • Identity Infrastructure
  • Remote Hiring Platforms

Vulnerabilities (CVEs)

  • CVE-2022-30190

Attack Chain

Threat actors begin by using LLMs for reconnaissance, researching vulnerabilities and target personas. They then use generative AI to develop resources, such as GAN-based look-alike domains and highly convincing fake identities with deepfake images and voice modulation. Initial access is achieved through AI-polished phishing lures or by getting hired as remote IT workers using fabricated credentials. Post-compromise, AI assists in discovering assets, refining privilege escalation scripts, and summarizing exfiltrated data for extortion.

Detection Availability

  • YARA Rules: No
  • Sigma Rules: No
  • Snort/Suricata Rules: No
  • KQL Queries: Yes
  • Splunk SPL Queries: No
  • EQL Queries: No
  • Other Detection Logic: No
  • Platforms: Microsoft Defender XDR, Microsoft Sentinel

Microsoft provides KQL queries for Microsoft Defender XDR to detect potentially spoofed emails and surface suspicious sign-in attempts associated with remote IT worker fraud.

Detection Engineering Assessment

  • EDR Visibility: Medium — AI-assisted malware and scripts may evade static signatures, but behavioral EDR can catch the resulting execution, lateral movement, and C2 connections.
  • Network Visibility: Medium — Network telemetry can identify connections to known malicious infrastructure or anomalous data exfiltration, though AI-generated domains might bypass static reputation filters.
  • Detection Difficulty: Hard — AI-generated content (phishing, code, domains) is designed to blend in with legitimate traffic and bypass traditional pattern-matching defenses.

Required Log Sources

  • EmailLogs
  • EntraIdSignInEvents
  • Network connections
  • Process execution logs

Hunting Hypotheses

  • Hypothesis: Look for unusual sign-in events from unmanaged devices with atypical travel or impossible travel alerts, indicating potential remote IT worker fraud.
    • Telemetry: Identity/Entra ID logs
    • ATT&CK Stage: Initial Access
    • FP Risk: Medium
  • Hypothesis: Search for inbound emails failing SPF/DKIM/DMARC checks but originating from domains visually similar to trusted partners, indicating AI-generated spoofing.
    • Telemetry: Email Gateway logs
    • ATT&CK Stage: Initial Access
    • FP Risk: Low
  • Hypothesis: Analyze custom scripts or binaries for unusual conversational comments or emoji-based logging, which may indicate AI-assisted malware generation.
    • Telemetry: File/Script analysis
    • ATT&CK Stage: Execution
    • FP Risk: High
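
The email hypothesis above combines two conditions: failed SPF/DKIM/DMARC and a sender domain that visually resembles a trusted partner. The sketch below is an added example, not Microsoft's KQL or code from the report, and flags a message only when both hold. The partner allow-list, the sample header and all function names are constructed for illustration.

```python
import re
import unicodedata

# Constructed partner allow-list and header sample (assumptions, not from the report).
TRUSTED = ("contoso.com", "fabrikam.com")
SAMPLE_FAIL = ("spf=fail (sender IP is 203.0.113.7) smtp.mailfrom=c0ntoso.com; "
               "dkim=none (message not signed); dmarc=fail header.from=c0ntoso.com")

# Digit-for-letter swaps often used in look-alike domains.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Rough visual skeleton: strips accents, undoes digit swaps and rn/vv tricks.
    Does not cover cross-script homoglyphs (e.g. Cyrillic letters)."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def auth_failures(auth_results):
    """Mechanisms in an Authentication-Results value whose result is not 'pass'."""
    found = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth_results.lower())
    return sorted({mech for mech, result in found if result != "pass"})

def lookalike_of(sender_domain, max_dist=1):
    """Trusted domain the sender resembles, or None. An exact match is the real
    domain (or direct spoofing, a separate check), so it is not a look-alike."""
    s = sender_domain.lower()
    if s in TRUSTED:
        return None
    for t in TRUSTED:
        if edit_distance(skeleton(s), skeleton(t)) <= max_dist:
            return t
    return None

def triage(sender_domain, auth_results):
    """Flag only when both conditions of the hypothesis hold."""
    failed, target = auth_failures(auth_results), lookalike_of(sender_domain)
    return {"flag": bool(failed) and target is not None,
            "imitates": target, "failed": failed}
```

With short trusted domains, an edit distance of 1 can match unrelated legitimate senders, so `max_dist` and the allow-list need tuning against real mail flow.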

Control Gaps

  • Static pattern-based phishing detection
  • Traditional domain reputation filtering
  • Identity verification in remote hiring

Key Behavioral Indicators

  • Conversational in-line comments in scripts
  • Emojis used as execution state markers in code
  • Overly descriptive or redundant variable naming
  • Over-engineered modular structure in simple scripts
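
A triage scorer for the first three indicators above (modular structure is not measured), written as an added example rather than logic from the report. Each marker is a weak signal on its own, so the sketch asks for review only when at least two kinds appear in the same script. The phrase list, thresholds and sample scripts are constructed assumptions.

```python
import re

# Symbols/dingbats and pictograph blocks where status-marker emoji live.
EMOJI = re.compile("[\u2600-\u27BF\U0001F300-\U0001FAFF]")
# Output/logging calls (assumption: extend for the languages you triage).
LOG_CALL = re.compile(
    r"\b(print\w*|echo|console\.log|Write-Host|Write-Output|log(?:ger)?\.\w+)\b", re.I)
# Narration phrases typical of assistant-written comments (constructed list).
CHATTY = re.compile(r"\b(let'?s|now we|we (?:will|can|need)|here we|step \d+|"
                    r"make sure|this (?:function|script) will)\b", re.I)
COMMENT = re.compile(r"^\s*(?:#|//|--|REM\b)\s*(.*)$", re.I)
# Identifiers of 25+ characters count as overly descriptive (assumed threshold).
LONG_IDENT = re.compile(r"\b[A-Za-z_][A-Za-z0-9_]{24,}\b")

# Constructed, harmless sample showing the three style markers together.
SAMPLE = '''# Let's start by collecting the files we need to process
list_of_files_to_process_from_input_directory = get_files()
# Step 2: now we will loop over each file
for f in list_of_files_to_process_from_input_directory:
    print("\u2705 processed " + f)
print("\u274c something went wrong")
'''
TERSE = 'import os\n# retry once\nfor f in os.listdir("."):\n    print(f)\n'

def score_script(text):
    """Count style markers; one marker alone is weak, so review needs two kinds."""
    emoji_log = chatty = 0
    long_idents = set()
    for line in text.splitlines():
        m = COMMENT.match(line)
        if m:
            # Comment line: only check for narration phrases.
            chatty += bool(CHATTY.search(m.group(1)))
            continue
        if EMOJI.search(line) and LOG_CALL.search(line):
            emoji_log += 1
        long_idents.update(LONG_IDENT.findall(line))
    counts = {"emoji_log_lines": emoji_log, "chatty_comments": chatty,
              "long_identifiers": len(long_idents)}
    signals = sum(1 for v in counts.values() if v)
    return {**counts, "signals": signals, "review": signals >= 2}
```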

False Positive Assessment

  • Medium (Detecting AI-generated code or text based on style or emojis can lead to false positives, as legitimate developers also use AI assistants and emojis in their workflows.)

Recommendations

Immediate Mitigation

  • Enforce MFA on all accounts and require it from all devices and locations.
  • Turn on Zero-hour auto purge (ZAP) in Defender for Office 365 to retroactively neutralize malicious messages.

Infrastructure Hardening

  • Configure Safe Links policies for internal recipients.
  • Enable network protection in Microsoft Defender for Endpoint.
  • Implement Azure AI Content Safety Prompt Shields to protect enterprise AI deployments from prompt injection.

User Protection

  • Treat fraudulent employment as an insider-risk scenario and monitor for abnormal access patterns.
  • Use Purview Insider Risk Management to detect data leakage and unauthorized access.

Security Awareness

  • Conduct attack simulation training with realistic AI-generated phishing scenarios.
  • Train HR and hiring managers to identify deepfakes and AI-generated personas during interviews.

MITRE ATT&CK Mapping

  • T1589 - Gather Victim Identity Information
  • T1583 - Acquire Infrastructure
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1059 - Command and Scripting Interpreter

Additional IOCs

  • IPs:
    • 144[.]172[.]105[.]122 - C2 or exfiltration server IP identified in an AI-generated malware code snippet.
  • URLs:
    • hxxp://144[.]172[.]105[.]122:8085 - Base URL for C2 server found in AI-generated script.
  • Other:
    • - Visual marker emoji used in AI-generated code paths for successful execution.
    • - Visual marker emoji used in AI-generated code paths for indicating errors.