Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme

Avatar
Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in order to produce offensive and harmful content. The campaign, called LLMjacking, has targeted various AI offerings, including Microsoft’s Azure OpenAI Service. The tech giant is
[[{“value”:”

Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in order to produce offensive and harmful content.

The campaign, called LLMjacking, has targeted various AI offerings, including Microsoft’s Azure OpenAI Service. The tech giant is tracking the cybercrime network as Storm-2139. The individuals named are –

Arian Yadegarnia aka “Fiz” of Iran,
Alan Krysiak aka “Drago” of United Kingdom,
Ricky Yuen aka “cg-dot” of Hong Kong, China, and
Phát Phùng Tấn aka “Asakuri” of Vietnam

“Members of Storm-2139 exploited exposed customer credentials scraped from public sources to unlawfully access accounts with certain generative AI services,” Steven Masada, assistant general counsel for Microsoft’s Digital Crimes Unit (DCU), said.

“They then altered the capabilities of these services and resold access to other malicious actors, providing detailed instructions on how to generate harmful and illicit content, including non-consensual intimate images of celebrities and other sexually explicit content.”

The malicious activity is explicitly carried out with an intent to bypass the safety guardrails of generative AI systems, Redmond added.

The amended complaint comes a little over a month after Microsoft said it’s pursuing legal action against the threat actors for engaging in systematic API key theft from several customers, including several U.S. companies, and then monetizing that access to other actors.

It also obtained a court order to seize a website (“aitism[.]net”) that is believed to have been a crucial part of the group’s criminal operation.

Storm-2139 consists of three broad categories of people: Creators, who developed the illicit tools that enable the abuse of AI services; Providers, who modify and supply these tools to customers at various price points; and end users who utilize them to generate synthetic content that violate Microsoft’s Acceptable Use Policy and Code of Conduct.

Microsoft said it also identified two more actors located in the United States, who are based in the states of Illinois and Floria. Their identities have been withheld to avoid interfering with potential criminal investigations.

The other unnamed co-conspirators, providers, and end users are listed below –

A John Doe (DOE 2) who likely resides in the United States
A John Doe (DOE 3) who likely resides in Austria and uses the alias “Sekrit”
A person who likely resides in the United States and uses the alias “Pepsi”
A person who likely resides in the United States and uses the alias “Pebble”
A person who likely resides in the United Kingdom and uses the alias “dazz”
A person who likely resides in the United States and uses the alias “Jorge”
A person who likely resides in Turkey and uses the alias “jawajawaable”
A person who likely resides in Russia and uses the alias “1phlgm”
A John Doe (DOE 8) who likely resides in Argentina
A John Doe (DOE 9) who likely resides in Paraguay
A John Doe (DOE 10) who likely resides in Denmark

“Going after malicious actors requires persistence and ongoing vigilance,” Masada said. “By unmasking these individuals and shining a light on their malicious activities, Microsoft aims to set a precedent in the fight against AI technology misuse.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Previous Post

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

Next Post

Hacker behind over 90 high-profile data leaks worldwide arrested in Thailand

Related Posts

Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine

Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last week. "The PowerShell downloader contacts geo-fenced servers located in Russia and Germany to
Avatar
Read More

Why The Modern Google Workspace Needs Unified Security

The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack user accounts. Many organizations try to secure their environment by piecing together different
Avatar
Read More

Top 10 Best Practices for Effective Data Protection

Data is the lifeblood of productivity, and protecting sensitive data is more critical than ever. With cyber threats evolving rapidly and data privacy regulations tightening, organizations must stay vigilant and proactive to safeguard their most valuable assets. But how do you build an effective data protection framework? In this article, we'll explore data protection best practices from meeting
Avatar
Read More