Threat Actors Using AI to Scale Operations, Accelerate Attacks and Attack Autonomous AI Agents
Threat actors are increasingly using artificial intelligence both to amplify their own attacks and to target the AI systems organizations depend on.
According to the CrowdStrike 2025 Threat Hunting Report, adversaries no longer treat AI as an auxiliary tool; they have integrated generative AI into every phase of their operations, from initial reconnaissance to payload deployment.
The practical effect is that established attack methods are being accelerated and automated, with machine learning handling tasks such as target research, script writing and decision-making that previously cost an operator time and skill.
The emergence of AI-powered threat campaigns has enabled lower-skilled adversaries to execute sophisticated attacks that previously required advanced technical expertise.
Threat actors are leveraging generative AI for script generation, technical problem-solving, and malware development, democratizing access to high-level cyber capabilities.
The report cites two malware families, Funklocker and SparkCat, as examples of GenAI-built malware; the article characterizes them as relying on dynamically generated code structures and polymorphic behavior to slip past signature-based detection.
CrowdStrike analysts single out the DPRK-nexus adversary FAMOUS CHOLLIMA, which infiltrated more than 320 companies in the past 12 months, a 220% year-over-year increase.
The group uses generative AI at every stage of a fraudulent employment: real-time deepfakes mask the operator's identity during video interviews, and AI coding tools let the operative perform the job well enough to keep the role, which in turn keeps the legitimate, credentialed access to the employer's systems that the scheme depends on.
Advanced Persistence Through AI-Enhanced Social Engineering
The most effective part of these AI-assisted campaigns is the way they obtain and keep access through social engineering rather than through exploits.
SCATTERED SPIDER exemplifies this approach: it combines vishing with help desk impersonation, using AI-generated call scripts to supply employee identification numbers and answer verification questions convincingly.
The group's operators mine publicly available information to build personas that pass help-desk identity checks; a successful call yields a password or MFA reset, which defeats the multifactor control without any technical bypass and gives the group access to SaaS environments. The article reports that the group often reaches full network encryption within 24 hours of initial compromise, so the window for detecting the reset-and-takeover chain is short.
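The help-desk reset chain described above is easier to catch in identity-provider logs than on the phone. The following is an added example, not code from CrowdStrike or from this article: a correlation rule in Python that flags a help-desk-initiated MFA reset followed, within a time window, by a new factor enrolment and a login from a network the user had never used before the reset. The event types, field names and sample log lines are constructed for illustration and must be mapped to the real IdP schema.

```python
"""Correlate help-desk MFA resets with subsequent anomalous logins.

Added example, not from CrowdStrike or the article. Event names, field
names and the sample log lines are constructed; adapt them to the schema
your identity provider actually emits.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. "asn" stands in for whatever network identity
# the IdP records (ASN, IP, device fingerprint). actor is who performed the
# action; a help-desk-initiated reset is attributed to a help-desk principal.
SAMPLE_EVENTS = [
    # Victim's normal history: same ASN for weeks.
    {"ts": "2025-08-01T09:00:00", "user": "jdoe", "type": "login.success",
     "asn": "AS64500", "actor": "jdoe"},
    {"ts": "2025-08-03T09:05:00", "user": "jdoe", "type": "login.success",
     "asn": "AS64500", "actor": "jdoe"},
    # Attack chain: help desk resets MFA after a vishing call, the caller
    # enrols a new factor and logs in from an ASN never seen for this user.
    {"ts": "2025-08-05T14:02:00", "user": "jdoe", "type": "mfa.factor.reset",
     "asn": None, "actor": "helpdesk.svc"},
    {"ts": "2025-08-05T14:09:00", "user": "jdoe", "type": "mfa.factor.enroll",
     "asn": "AS64511", "actor": "jdoe"},
    {"ts": "2025-08-05T14:11:00", "user": "jdoe", "type": "login.success",
     "asn": "AS64511", "actor": "jdoe"},
    # Benign control: a genuine reset where the user re-enrols and logs in
    # from the usual network; this must not fire.
    {"ts": "2025-08-05T10:00:00", "user": "asmith", "type": "login.success",
     "asn": "AS64501", "actor": "asmith"},
    {"ts": "2025-08-06T11:00:00", "user": "asmith", "type": "mfa.factor.reset",
     "asn": None, "actor": "helpdesk.svc"},
    {"ts": "2025-08-06T11:20:00", "user": "asmith", "type": "mfa.factor.enroll",
     "asn": "AS64501", "actor": "asmith"},
    {"ts": "2025-08-06T11:22:00", "user": "asmith", "type": "login.success",
     "asn": "AS64501", "actor": "asmith"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def detect_helpdesk_mfa_takeover(events, window=timedelta(hours=24),
                                 history=timedelta(days=30),
                                 helpdesk_prefix="helpdesk"):
    """Return one alert per help-desk MFA reset that is followed, within
    `window`, by a new factor enrolment AND a successful login from a
    network absent from the user's pre-reset login history."""
    by_user = defaultdict(list)
    for event in events:
        by_user[event["user"]].append(event)

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=_ts)
        for i, reset in enumerate(evs):
            if reset["type"] != "mfa.factor.reset":
                continue
            if not reset["actor"].startswith(helpdesk_prefix):
                continue  # self-service resets are a different signal
            t0 = _ts(reset)
            # Baseline from events BEFORE the reset only, so the attacker's
            # own post-reset login cannot poison the "known" set.
            known = {e["asn"] for e in evs[:i]
                     if e["type"] == "login.success"
                     and t0 - _ts(e) <= history}
            after = [e for e in evs[i + 1:] if _ts(e) - t0 <= window]
            enrolled = any(e["type"] == "mfa.factor.enroll" for e in after)
            unknown_logins = [e for e in after
                              if e["type"] == "login.success"
                              and e["asn"] not in known]
            if enrolled and unknown_logins:
                first = unknown_logins[0]
                alerts.append({
                    "user": user,
                    "reset_at": reset["ts"],
                    "reset_by": reset["actor"],
                    "login_at": first["ts"],
                    "new_asn": first["asn"],
                    "known_asns": sorted(known),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_helpdesk_mfa_takeover(SAMPLE_EVENTS):
        print(alert)
```

The rule deliberately builds the baseline only from logins recorded before the reset; a naive "seen in the last 30 days" baseline would include the attacker's own login and suppress the alert. Enrolment and login are correlated in either order because some IdPs let a user with a cleared factor enrol during the login flow. A help-desk reset followed by a login from a known network is left unflagged here as the low-confidence case; in practice it still merits a callback to the employee's number of record.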