Volexity uncovered a sophisticated Chinese-aligned cyber-espionage campaign leveraging AI and LLMs like ChatGPT for spear-phishing, malware development, and multilingual social engineering. The actor behind it, tracked as UTA0388, targeted global organizations, especially in Asia, using covert, patient tactics and dynamic malware variants. #UTA0388 #GOVERSHELL
Key points
- UTA0388 is a China-linked threat actor employing AI-generated content for spear-phishing campaigns.
- The group uses a patient, rapport-building social engineering approach before delivering malware.
- GOVERSHELL, their malware family, exhibits rapid evolution and complex communication methods.
- ChatGPT was utilized to craft convincing emails and assist in malware development, often with nonsensical or chaotic content.
- The campaign infrastructure shifted from hosting services like Netlify to self-registered domains, indicating adaptation and sophistication.