Post · bonfire.cafe

@GossiTheDog@cyberplace.social · 14 hours ago

Volexity put out a report about likely GenAI being used in cyber attacks by China... and it contains IOCs! It's a good report.

It has all the low hanging fruit classics defenders have been aware of forever, e.g. .rar files with .exe files inside, all of the "GenAI malware" was detected out of the box across all leading vendors etc etc.

Also the payloads contain unique phrases (and Wav files, lol) which made them easy to detect.

https://www.volexity.com/blog/2025/10/08/apt-meets-gpt-targeted-operations-with-untamed-llms/

Kevin Beaumont

@GossiTheDog@cyberplace.social replied · 14 hours ago

The samples are worth a pull and look, there's tons of existing community detections you can use for them.

Because of the embedded strings it's super easy to track the threat actor.

Kevin Beaumont

@GossiTheDog@cyberplace.social replied · 13 hours ago

Volexity piggy backed on the (slightly crap) WSJ article about GenAI citing Anthropic for publicity over this, which isn't ideal, but I get it.

The leading take away for defenders, now there's some actual IOCs, I think is... keep defending. If your existing vendors and controls aren't picking this stuff up, you have a crap vendor.

You shouldn't really be getting owned by widely detected .exes in .rar files from random websites. It isn't advanced cyber warfare.

Kevin Beaumont

@GossiTheDog@cyberplace.social replied · 13 hours ago

If this is the best the entire cyber industrial complex can find for China and Russia GenAI threats.. the reality 3 years into the GenAI "war" is that people are fighting you with water pistols at present.

Water pistols are annoying, but if you can't defend against a child spraying you with water, you're already in trouble.

So keep calm and carry on. You probably haven't even worked out how to patch your edge VPN appliance anyway.

Kevin Beaumont

@GossiTheDog@cyberplace.social replied · 13 hours ago

Also, if you're about to hit reply and go "but Kevin, soon they'll be able to hack past any security control! AI is god!" then.. a) get on LinkedIn to post that stuff and b) AI isn't god. It's a probability engine repeating things people already know.

The entire cyber industry is already built around detecting that. The cyber industry and the AI industry have a financial incentive to scare you into buying Agentic AI agents and such. Don't fall for it without _real_ evidence, not 'could'.

Kevin Beaumont

@GossiTheDog@cyberplace.social replied · 12 hours ago

Addition: https://bsky.app/profile/rndmamusings.bsky.social/post/3m5m6bggxdk24

https://bsky.app

View

Kevin Beaumont

@GossiTheDog@cyberplace.social replied · 10 hours ago

This is good: https://cyberscoop.com/anthropic-ai-orchestrated-attack-required-many-human-hands/

1 more replies (not shown)

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0 no JS en

Automatic federation enabled