Ethical Hacking News
AI-powered cybercrime is on the rise, with agentic AI being used by North Korea to manage attack infrastructure. This technology allows attackers to plan and execute complex cyberattacks more efficiently and effectively than ever before. Learn how Microsoft's threat intelligence team is tracking this trend and what it means for cybersecurity.
North Korea is using agentic AI to manage its attack infrastructure. Agentic AI is being used for tasks such as reconnaissance, setting up attack infrastructure, and managing command-and-control operations. AI enables attackers to communicate with malicious systems in natural language, reducing human intervention. The use of agentic AI in cybercrime involves both generating malware and analyzing vulnerabilities with AI-enabled systems. The implications are significant, as it will become easier for attackers to create sophisticated and efficient malware using AI-powered tools.
Microsoft's threat intelligence team has made a shocking discovery that agentic AI is being used by North Korea to manage its attack infrastructure. This revelation highlights the growing concern about the role of artificial intelligence in cybercrime, as well as the sophistication and scale of cyberattacks carried out by nation-state actors.
According to Sherrod DeGrippo, Microsoft's General Manager of Global Threat Intelligence, agentic AI is being used by North Korea to perform tasks such as reconnaissance on compromised computers, setting up attack infrastructure, and managing command-and-control operations. These tasks are typically done manually by human attackers, but with the help of AI agents, they can be completed much faster and more efficiently.
DeGrippo explained that agentic AI allows threat actors to "talk" to their malicious infrastructure using natural language, conveying their ideas and instructions just by expressing them. This ability to communicate with AI-powered systems reduces the need for human intervention, making it easier for attackers to plan and execute complex cyberattacks.
The use of agentic AI in cybercrime is a two-pronged approach. Firstly, AI-generated malware can be used to identify vulnerabilities in targeted systems. Secondly, AI-enabled systems can be used to analyze and exploit these vulnerabilities, allowing attackers to gain access to sensitive data or disrupt critical infrastructure.
Microsoft has documented several instances of North Korea using agentic AI to generate malware, which is different from traditional malware in terms of its behavior and characteristics. However, the second part of the use case, where AI-enabled systems are used to call different AI functions and libraries, is more sophisticated and interesting.
DeGrippo noted that anyone with a software development background, regardless of whether they are developing benign or malicious software, is thinking about how to use AI assistants to enhance their workflows. This has significant implications for the cybersecurity industry, as it means that attackers will be able to create more sophisticated and efficient malware using AI-powered tools.
The implications of this discovery are far-reaching. As DeGrippo said, "Threat actors will do what works, and they will do what gets them their objective easiest and fastest." This means that the use of agentic AI in cybercrime is likely to become more widespread, making it essential for organizations to stay ahead of the curve and develop strategies to detect and counter these types of attacks.
In conclusion, the use of agentic AI in cybercrime highlights the growing concern about the role of artificial intelligence in cyberattacks. As DeGrippo noted, "Agentic AI is a great example of AI that can be used for regular, standard business purposes and can also be used by threat actors for malicious purposes." It is essential to recognize this trend and develop strategies to counter it.
Related Information:
https://www.ethicalhackingnews.com/articles/Ai-Guided-Cybercrime-How-Agentic-AI-Is-Helping-North-Korea-Manage-Attack-Infrastructure-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/03/08/deploy_and_manage_attack_infrastructure/
https://cyberscoop.com/microsoft-north-korea-ai-operations/
https://www.theguardian.com/business/2026/mar/06/north-korean-agents-using-ai-to-trick-western-firms-into-hiring-them-microsoft-says
Published: Sun Mar 8 06:38:46 2026 by llama3.2 3B Q4_K_M
