AI Market Logo
Login Sign Up
BTC $43,552.88 -0.46%
ETH $2,637.32 +1.23%
BNB $312.45 +0.87%
SOL $92.40 +1.16%
XRP $0.5234 -0.32%
ADA $0.8004 +3.54%
AVAX $32.11 +1.93%
DOT $19.37 -1.45%
MATIC $0.8923 +2.67%
LINK $14.56 +0.94%
HAIA $0.1250 +2.15%
BTC $43,552.88 -0.46%
ETH $2,637.32 +1.23%
BNB $312.45 +0.87%
SOL $92.40 +1.16%
XRP $0.5234 -0.32%
ADA $0.8004 +3.54%
AVAX $32.11 +1.93%
DOT $19.37 -1.45%
MATIC $0.8923 +2.67%
LINK $14.56 +0.94%
HAIA $0.1250 +2.15%
Threat Actors Exploit AI to Scale Attacks and Target Autonomous Agents
artificial-intelligence

Threat Actors Exploit AI to Scale Attacks and Target Autonomous Agents

Adversaries use AI to automate attacks, target autonomous agents, and expand their reach across cloud and enterprise systems in 2025.

August 5, 2025
5 min read
Aman Mishra

Adversaries use AI to automate attacks, target autonomous agents, and expand their reach across cloud and enterprise systems in 2025.

Threat Actors Exploit AI to Scale Attacks and Target Autonomous Agents

Adversaries are increasingly leveraging artificial intelligence (AI) to boost their operational efficiency amid a rapidly evolving threat landscape. By scaling attacks and focusing on autonomous AI agents that underpin modern enterprise ecosystems, threat actors are reshaping cybercrime tactics. According to frontline intelligence from CrowdStrike’s 2025 Threat Hunting Report, elite threat hunters and analysts reveal that threat actors are harnessing generative AI (GenAI) to optimize resource-constrained operations. This enables infiltration of organizations with unprecedented speed and precision. This shift empowers even lower-skilled eCrime and hacktivist groups to automate complex tasks traditionally requiring advanced expertise, such as malware development, script generation, and technical problem-solving.

AI Weaponization

For example, the DPRK-nexus adversary FAMOUS CHOLLIMA has infiltrated over 320 companies in the past 12 months—a 220% year-over-year increase—by integrating GenAI throughout the hiring and employment lifecycle. These actors fabricate convincing resumes, use real-time deepfake technologies to mask identities during video interviews, and employ AI-driven coding tools to covertly perform job functions. Similarly, adversaries like EMBER BEAR and CHARMING KITTEN exploit GenAI to spread pro-Russia narratives and craft sophisticated phishing lures using large language models (LLMs), targeting organizations in the U.S. and EU. This weaponization extends to exploiting vulnerabilities in AI software stacks, enabling unauthenticated access, credential harvesting, persistence mechanisms, and malware deployment. Emerging GenAI-built malware families such as Funklocker and SparkCat exemplify this trend. As enterprises accelerate AI adoption, the attack surface expands. Threat actors prioritize AI-integrated systems to transform traditional insider threats into persistent, scalable campaigns.

Cross-Domain Intrusions

Adding to the risk, adversaries are mastering cross-domain attacks that traverse endpoints, identity systems, cloud environments, and unmanaged assets to evade conventional security controls. The resurgence of SCATTERED SPIDER highlights this capability. Operators use voice phishing (vishing) and help desk impersonation to reset credentials, bypass multifactor authentication (MFA), and move laterally across SaaS and cloud infrastructures. In one incident, SCATTERED SPIDER advanced from initial access to ransomware encryption in under 24 hours, leveraging personally identifiable information (PII) to impersonate employees and authenticate via help desk verifications. Post-account takeover, these actors pivot to integrated platforms for data warehousing, document management, and identity access management, establishing footholds for persistence, data exfiltration, and further propagation. Cloud intrusions surged 136% in the first half of 2025 compared to all of 2024, driven by a 40% increase in activity from suspected China-nexus actors such as GENESIS PANDA and MURKY PANDA, who exploit misconfigurations and trusted access to evade detection. GLACIAL PANDA’s deep embedding in telecommunications networks has fueled a 130% rise in nation-state espionage within the sector. CrowdStrike now tracks over 265 named adversaries and 150 activity clusters, reporting a 27% year-over-year increase in interactive intrusions. Notably, 81% of these intrusions are malware-free and rely on hands-on-keyboard tactics to bypass legacy detection methods. eCrime accounts for 73% of these intrusions, while vishing volumes are projected to double by the end of the year. The government sector has experienced a 71% overall increase in interactive intrusions and a 185% spike in targeted activities, underscoring the urgent need for organizations to integrate these insights into defensive strategies to counter AI-augmented threats effectively.
Source: GBHackers

Frequently Asked Questions (FAQ)

AI in Cyber Attacks

Q: How are threat actors using AI to enhance their attacks? A: Threat actors are leveraging AI, particularly generative AI (GenAI), to automate complex tasks, develop malware, craft sophisticated phishing lures, and optimize resource-constrained operations, increasing the speed and precision of their attacks. Q: What is "AI weaponization" in the context of cyber threats? A: AI weaponization refers to the use of AI technologies by malicious actors to create and deploy cyber weapons, exploit vulnerabilities in AI systems themselves, and conduct attacks with greater efficiency and sophistication. Q: What are examples of AI-built malware families mentioned? A: Emerging GenAI-built malware families include Funklocker and SparkCat.

Autonomous Agents and Cross-Domain Intrusions

Q: What are autonomous AI agents, and why are they targets? A: Autonomous AI agents are systems that can operate and perform tasks independently. They are targeted by threat actors because they are increasingly underpinning modern enterprise ecosystems, making them critical infrastructure for attack. Q: What are cross-domain attacks, and how do they bypass security? A: Cross-domain attacks traverse multiple environments (endpoints, identity systems, cloud, unmanaged assets) to evade conventional security controls. Adversaries are mastering these to maintain persistence and achieve their objectives. Q: How is voice phishing (vishing) being used in these attacks? A: Vishing, often combined with help desk impersonation, is used to reset credentials, bypass multi-factor authentication (MFA), and gain unauthorized access to systems and data.

Specific Adversary Tactics

Q: How has FAMOUS CHOLLIMA used AI in their operations? A: FAMOUS CHOLLIMA has integrated GenAI into the hiring process, fabricating resumes, using deepfakes for video interviews, and employing AI coding tools to perform job functions covertly, leading to a significant increase in their infiltration success. Q: Which adversary groups are using GenAI for spreading narratives and phishing? A: EMBER BEAR and CHARMING KITTEN are mentioned as groups exploiting GenAI for spreading pro-Russia narratives and crafting sophisticated phishing lures.

Crypto Market AI's Take

The increasing sophistication of cyber threats, fueled by AI, presents a significant challenge for all organizations, including those in the burgeoning cryptocurrency space. As threat actors adopt AI to scale their attacks, the need for robust, AI-powered cybersecurity solutions becomes paramount. Our platform is designed with this in mind, offering advanced AI tools and market intelligence to help users navigate this evolving threat landscape. Understanding these evolving tactics is crucial for safeguarding digital assets and ensuring secure operations in the decentralized finance ecosystem. Explore our insights on AI-driven crypto trading to stay ahead of these sophisticated threats and leverage AI for your security.

More to Read: