What if your trusted computer suddenly started acting like it had a mind of its own, controlled by invisible strings? And what if, behind it all, lay the very "artificial intelligence" we created, generating its own terrifying commands to steal your personal information? This SF-movie nightmare is becoming a reality.

Ukrainian intelligence authorities have announced the discovery of a new, shocking computer virus that breaks all the rules. It’s using a revolutionary method: having an external AI write the "commands" to steal files from a computer. What's happening in the world of IT systems that we interact with every day? From a system integrator's perspective, let's break down the full scope of this new threat and what we can do about it.

The Day AI Became a "Magic Wand" for Cybercriminals

Traditional malware was designed by attackers who manually wrote program code for specific actions. However, the emergence of AI, especially generative AI that can create text and code, has turned this on its head. Generative models like ChatGPT can produce human-like text and even complex programming code from our prompts.

The Shock of Anyone Becoming a Hacker

What happens when this powerful capability falls into the hands of cybercriminals? The shocking truth is they no longer need "advanced programming skills." They can now generate malicious scripts and code simply by giving an AI model specific instructions. Even vague requests like "design a program to infect a system" or "write code to steal data" can result in the AI creating malicious software.

The Birth of "WormGPT" and "FraudGPT"

Tools like "WormGPT" and "FraudGPT," which are specialized for generating malicious code, have already appeared. These act like a "magic wand" for cybercrime, allowing hackers to automate attacks and deploy large-scale phishing campaigns or complex ransomware at record speed. As a system integrator involved in various system builds, this "lowering of the technical barrier" is a serious concern for the future of cybersecurity. The weapons once wielded only by experts are now available to anyone.

The Impact of "Polymorphic AI Malware": A Threat That Changes and Thinks

The new virus confirmed by Ukrainian authorities has the potential to be something even more terrifying: polymorphic AI malware. Polymorphic malware, as the name suggests, is malicious software that can "change its appearance." While conventional polymorphic malware uses techniques like packers and encryption to change its outer form, AI-generated polymorphic malware presents a more dynamic and advanced threat.

A Threat That Evolves in Real Time

This new virus can rewrite or regenerate its own code in real time, almost like a living organism. As a result, its structure changes every time a file is created or executed, but its function remains exactly the same. This renders traditional antivirus software, which relies on detecting threats based on "known signatures" or "specific patterns," completely ineffective.

How AI Shortens the "Dwell Time" of an Attack

Malware that exploits AI also has the ability to bypass firewalls, evade antivirus detection, and continuously change its form to appear harmless until an attack is executed. Attackers can use these tools to analyze system vulnerabilities and design custom-made attacks with ease. This dramatically shortens the "dwell time"—the period from an attacker's intrusion into a system until they are discovered—enabling faster and more effective attacks.

How AI Becomes an "Accomplice"

The core of the tactic confirmed by Ukrainian authorities is that this malware "has an external AI write the commands to steal files from a computer." Specifically, a malware called "LameHug" was found to be collaborating with an external Large Language Model (LLM), Qwen2.5-Coder-32B-Instruct, via the Hugging Face API to generate execution commands. This is like AI becoming an "accomplice" for cybercriminals, generating optimal attack procedures on the spot. When we perform security diagnostics, finding unknown threats quickly is critical, but attacks that "change shape" in real time like this make detection incredibly difficult.

New “LameHug” Malware Deploys AI-Generated Commands

An Attack from the Unseen Depths: How Far Will AI Be Misused?

The misuse of generative AI isn't limited to just generating malware code. Its impact is beginning to touch every aspect of cyberattacks.

Exploiting Human "Vulnerabilities"

First, there's the sophistication of social engineering. AI can learn human behavior patterns from massive amounts of data to create more realistic and convincing phishing emails. This leads to "hyper-targeted" phishing messages that seem to read a person's thoughts, making them extremely difficult for recipients to spot as scams.

AI That Creates a "False Reality"

Even more terrifying is the misuse of deepfakes. AI-generated fake audio and video can convincingly mimic specific people and be used for scams. For example, there have been reported cases of a company CEO's voice being faked to instruct an employee to make a fraudulent transfer, or a government official's deepfake video being used to manipulate public opinion. When we implement security measures for a client's system, it's often not technical vulnerabilities but "people" who are the greatest weakness. The current situation, where AI deeply analyzes human psychology to create clever scams, highlights the renewed importance of security education.

AI That Solves Attackers' "Resource Shortages"

AI also helps attackers overcome barriers of "technical knowledge" and "time." AI makes it incredibly easy to find vulnerabilities, and what used to be a severe vulnerability worth hundreds of millions of dollars can now be acquired for less than a hundred million. This means that even without being a skilled hacker, anyone with enough money can now launch sophisticated cyberattacks.

Faked Online Activities

Reports also show that North Korean threat actors are using AI to automatically generate resumes and create "sophisticated fake profiles" tailored to specific jobs and skill sets. They aim to pose as remote contractors to gain access to a company's internal network. They've also been found using OpenAI tools for technical support, such as investigating software vulnerabilities, fixing scripts, and troubleshooting system configurations. In this way, AI also acts as a "behind-the-scenes supporter" that automates and streamlines the activities of cybercriminals.

The AI-Era Cyber Defense Front: A Clash of Intellects

So, how do we protect ourselves against these intelligent cyberattacks? Fortunately, AI doesn't exist solely for offense. The defense side is also leveraging AI to build a new line of defense.

AI That "Predicts" and "Detects" Threats

AI can analyze massive amounts of network traffic, activity logs, and endpoint data in real time to identify anomalies and traces of potential breaches that traditional solutions might have missed. This allows for the early detection of new types of attacks and insider threats that were previously difficult to find. This is a truly groundbreaking evolution that fundamentally changes the concept of "security monitoring" that we've cultivated for years.

The Fusion of Zero Trust and AI

AI can detect anomalous activity and automatically block threats without human intervention, thereby shortening an attacker's "dwell time" within the system. To counter evolving threats like AI-powered malware, the "Zero Trust Security Architecture" is gaining attention. It operates on the principle of "never trust, always verify," continuously monitoring behavior and patterns in real time and dynamically applying policies to quickly detect and block attempts at lateral movement. The fusion of AI and Zero Trust amplifies their respective benefits, allowing for a more robust defense posture.

The Power of "Prevention" Born from Human-AI Collaboration

The greatest strength of AI-driven security measures is "prevention" through predictive analysis and automation. AI can identify evolving threats and vulnerabilities, and handle incidents quickly and automatically, minimizing damage and reducing the need for human intervention. This allows security staff to focus on triaging and investigating more complex threats that AI can't handle on its own.

Physical Defense with "White Stations"

Of course, relying solely on AI is not enough. For example, physical measures like introducing "White Stations" or "USB Sanitization Stations" are effective. These are tools that analyze and neutralize threats hidden in removable media like USB drives, stopping even advanced malware before it can enter the system. They act like gatekeepers, protecting a vital "gate" from an invisible enemy.

The Greatest Wall of Defense: "Humans"

Most importantly, the greatest wall of defense is "us"—humans. No matter how excellent the AI or security tools are, human error remains the biggest loophole for hackers to exploit. For example, clicking on a suspicious link or inserting an infected USB drive into a company computer. This demonstrates how crucial not just the robustness of IT systems is, but also the security awareness of every single user. Cybersecurity is no longer the sole responsibility of the IT department; it's a matter for everyone in the organization to take ownership of.

Our Change in Mindset Will Shape the Future

The new virus confirmed by Ukrainian authorities, which has an external AI write its commands, was shocking news—like the birth of an unknown life form in the IT world. This evolution shows that cyberattacks have moved beyond being a mere "computer technology" problem and have become a clash of "intellects."

AI brings us new threats we couldn't have imagined, but it can also be a powerful shield against them. Understanding this duality and knowing how to use it will be the key to cybersecurity going forward.

Our long-cultivated IT knowledge and experience can evolve into an even stronger defense by leveraging the power of AI. AI will never replace humans; it will become a "powerful partner" for us as SIers to protect our clients' systems.

However, to achieve this, each of us needs to strongly believe that "cybersecurity is my responsibility." Being sensitive to suspicious activities, constantly learning new knowledge, and working together as an entire organization on countermeasures—this diligent effort is the only way to protect ourselves and society from the "nightmare" of being controlled by invisible strings.

Before that SF movie-like nightmare becomes a complete reality, shouldn't we, as humans, start now to unlock the true potential of AI and take the wisdom and action needed to protect the peace of cyberspace?

Follow me!