CyberSecurity news
FlagThis
@blogs.microsoft.com
//
Microsoft is taking legal action against a foreign-based hacking group accused of operating a "hacking-as-a-service" infrastructure. This group exploited stolen Azure API keys and customer Entra ID credentials to bypass the safety controls of Microsoft's generative AI services, particularly the Azure OpenAI Service. They are said to have developed sophisticated software to gain access, and then intentionally alter the capabilities of those services. This allowed them to generate offensive and harmful content, which was then distributed through tools sold to other malicious actors. This abuse was discovered by Microsoft in July 2024, leading to the lawsuit.
Microsoft's Digital Crimes Unit has stated that the threat actors actively scraped public websites to obtain exposed customer credentials. The group monetized their illicit access by selling custom tools, alongside detailed instructions on generating harmful content. The lawsuit seeks to dismantle the group’s operation, including seizing websites like "aitism[.]net" central to their criminal activity. Microsoft has since revoked the threat-actor's access, put in place countermeasures and strengthened their safeguards to prevent future incidents. The threat actor group is believed to have targeted not only Microsoft but other AI platforms and U.S. based companies, including those in Pennsylvania and New Jersey.
References :
Microsoft's Digital Crimes Unit has stated that the threat actors actively scraped public websites to obtain exposed customer credentials. The group monetized their illicit access by selling custom tools, alongside detailed instructions on generating harmful content. The lawsuit seeks to dismantle the group’s operation, including seizing websites like "aitism[.]net" central to their criminal activity. Microsoft has since revoked the threat-actor's access, put in place countermeasures and strengthened their safeguards to prevent future incidents. The threat actor group is believed to have targeted not only Microsoft but other AI platforms and U.S. based companies, including those in Pennsylvania and New Jersey.
Share:
References :
- ciso2ciso.com: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation – Source:thehackernews.com
- osint10x.com: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
- The Hacker News: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
- Pyrzout :vm:: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation – Source:thehackernews.com
- www.the420.in: Microsoft Sues Hackers for Exploiting AI Services with Stolen Azure Credentials
- Schneier on Security: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
- arstechnica.com: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
- Osint10x: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
- blogs.microsoft.com: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme