Hackers are using a variant of the Gh0st RAT malware named UNK_SweetSpecter to target AI experts in the US, stealing information from fewer than 10 technical personnel linked to a leading U.S.-based AI organization
The attackers aim to gain access to nonpublic information about generative AI by using phishing emails with a Trojan. This Chinese threat actor has been identified in a campaign that began earlier this month, spreading the remote access Trojan through AI-themed email phishing lures. The customized variant of Gh0st RAT, which initially surfaced in 2008, grants capabilities such as full remote control of infected machines, keylogging, spying via the webcam, and deploying additional malware. The attacker managed to send the targets a zip archive with questions about AI problems, which, when downloaded, unleashed the malware. This incident comes amid US government restrictions on Chinese access to gen AI software and tools, with the possibility of Chinese-aligned cyber actors targeting individuals with access to such technologies for furthering Chinese development goals. https://www.bankinfosecurity.com/hackers-target-us-ai-experts-customized-rat-a-25266