Microsoft announced that it has filed a lawsuit against a foreign-based hacker group for allegedly abusing artificial intelligence services by establishing an infrastructure that provides hacking services. The company’s Digital Crimes Unit (DCU) found that the group was developing malware to produce malicious content by manipulating Microsoft AI services such as Azure OpenAI and selling access to these services to other malicious actors.
Microsoft claims API keys were stolen!
According to court documents, the group infiltrated Microsoft systems using stolen Azure API keys and customer authentication information. With this information, they produced malicious images using the DALL-E model. Additionally, the group offered this infrastructure as a commercial service and provided instructions teaching other actors how to use it.
Hacker group, ‘aitism'[.]It ran its operations using a central website called ‘net’ and a middleware known as ‘de3u’. de3u offered an interface that enabled visual production from models such as DALL-E with stolen API keys. It was found that the group attempted to delete Rentry.org pages, GitHub repositories, and parts of the reverse proxy infrastructure to hide its activities.
Microsoft stated that it became aware of the threat in July 2024 and has since revoked the group’s access, increased security measures and developed new countermeasures to combat threats targeting infrastructure. The company also criticized the group’s use of “aitism”[.]net” domain name and initiated a judicial process.
Within the scope of the case, Microsoft claimed that the group’s systematic API He announced that he committed key theft and many customer companies in the USA were affected by this situation. Targeted customers include companies in Pennsylvania and New Jersey.
Do you think such cases could improve security in AI services? Share your opinions in the comments!
Source link: https://shiftdelete.net/microsoft-unlu-hack-grubuna-buyuk-dava-aciyor