August 5, 2025
5 min read
Aman Mishra
Adversaries leverage AI to automate attacks, target autonomous agents, and expand their reach across cloud and enterprise systems.
Threat Actors Exploit AI to Scale Attacks and Target Autonomous Agents
Adversaries are increasingly using artificial intelligence (AI) to boost their operational efficiency in a rapidly evolving threat landscape. By leveraging AI, threat actors are scaling attacks and focusing on autonomous AI agents that underpin modern enterprise ecosystems. According to frontline intelligence from CrowdStrike’s 2025 Threat Hunting Report, which draws on insights from elite threat hunters and analysts, attackers are employing generative AI (GenAI) to optimize operations constrained by resources. This enables them to infiltrate organizations with unprecedented speed and precision. This technological shift allows even less skilled cybercrime and hacktivist groups to automate complex tasks that previously required advanced expertise, such as malware development, script generation, and technical problem-solving.AI Weaponization
For example, the DPRK-linked adversary FAMOUS CHOLLIMA has compromised over 320 companies in the past year—a 220% increase year-over-year—by integrating GenAI throughout the hiring and employment lifecycle. These actors use GenAI to fabricate convincing resumes, deploy real-time deepfake technology to hide identities during video interviews, and utilize AI-driven coding tools to perform job functions covertly. Similarly, groups like EMBER BEAR and CHARMING KITTEN exploit GenAI to spread pro-Russia narratives and craft sophisticated phishing lures using large language models (LLMs), targeting organizations in the U.S. and EU. This weaponization extends to exploiting vulnerabilities within AI software stacks, enabling unauthenticated access, credential harvesting, persistence, and malware deployment. Emerging GenAI-built malware families such as Funklocker and SparkCat exemplify this trend. As enterprises accelerate AI adoption, their attack surfaces expand, with threat actors prioritizing AI-integrated systems to transform traditional insider threats into persistent, scalable campaigns.Cross-Domain Intrusions
Adding to the complexity, adversaries are mastering cross-domain attacks that seamlessly traverse endpoints, identity systems, cloud environments, and unmanaged assets to evade traditional security controls. The resurgence of SCATTERED SPIDER illustrates this capability. Operators use voice phishing (vishing) and help desk impersonation to reset credentials, bypass multifactor authentication (MFA), and move laterally across SaaS and cloud infrastructures. In one documented case, SCATTERED SPIDER moved from initial access to ransomware encryption in under 24 hours, leveraging stolen personally identifiable information (PII) to impersonate employees and authenticate via help desk verifications. After account takeover, these actors pivot to integrated platforms for data warehousing, document management, and identity access management, establishing footholds for persistence, data exfiltration, and further propagation. Cloud intrusions surged 136% in the first half of 2025 compared to all of 2024, driven by a 40% increase in activity from suspected China-linked actors such as GENESIS PANDA and MURKY PANDA, who exploit misconfigurations and trusted access to evade detection. GLACIAL PANDA’s deep infiltration of telecommunications networks has fueled a 130% rise in nation-state espionage within the sector. CrowdStrike now tracks over 265 named adversaries and 150 activity clusters, reporting a 27% year-over-year increase in interactive intrusions. Notably, 81% of these intrusions are malware-free and rely on hands-on-keyboard tactics to bypass legacy detection systems. Cybercrime accounts for 73% of these intrusions, while vishing volumes are expected to double by the end of the year. The government sector has experienced a 71% overall increase in interactive intrusions and a 185% spike in targeted activities, highlighting the urgent need for organizations to incorporate these insights into defensive strategies against AI-augmented threats.Source: Originally published at GBHackers on August 4, 2025.