North Korea attacks with AI-powered npm malware

Published on April 30, 2026 | Translated from Spanish

A new wave of cyberattacks linked to North Korea employs advanced techniques that combine artificial intelligence with npm malware, shell companies, and remote access trojans. These attacks use AI to automate the insertion of malicious code, surpassing human response capabilities and turning remote access into the fastest route to a security breach.

How the attack with AI and RATs works 🛡️

Attackers inject malicious npm packages that, when installed, deploy remote access trojans (RATs). Artificial intelligence accelerates both the generation of malicious code and the creation of shell companies, which serve as a front for distributing the malware. The goal is to collapse the human detection window: while an analyst is still reviewing one indicator, the AI has already compromised the system. The speed of execution leaves little room for manual response.
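As an added example (not from the original article), this Node.js check reviews a package-lock.json before installation and lists dependencies that can run code at install time or that were resolved outside the npm registry. It assumes the install-time execution described above goes through npm lifecycle scripts; the allowlist, package names and sample lockfile are constructed.

```javascript
// Added example: pre-install review of a package-lock.json (lockfileVersion 2 or 3).
// Allowlist, package names and SAMPLE_LOCK are constructed for illustration.
const REGISTRY_HOST = "registry.npmjs.org";
const ALLOWED_INSTALL_SCRIPTS = new Set(["example-native-addon"]); // assumption: already reviewed

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockKey) {
  const marker = "node_modules/";
  const idx = lockKey.lastIndexOf(marker);
  return idx === -1 ? lockKey : lockKey.slice(idx + marker.length);
}

function reviewLockfile(lock) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace links and dependencies bundled in a parent tarball.
    if (key === "" || entry.link || entry.inBundle) continue;
    const name = packageName(key);
    const reasons = [];
    if (entry.hasInstallScript && !ALLOWED_INSTALL_SCRIPTS.has(name)) {
      reasons.push("runs a lifecycle script at install time");
    }
    let host = null;
    try { host = new URL(entry.resolved).host; } catch { /* missing or not a URL */ }
    if (host !== REGISTRY_HOST) {
      reasons.push(`resolved outside the registry: ${entry.resolved || "none"}`);
    }
    if (!entry.integrity) reasons.push("no integrity hash pinned");
    if (reasons.length > 0) findings.push({ name, version: entry.version, reasons });
  }
  return findings;
}

const SAMPLE_LOCK = { // constructed sample, not a real project
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-clean-lib": { version: "2.1.0", integrity: "sha512-CONSTRUCTED",
      resolved: "https://registry.npmjs.org/example-clean-lib/-/example-clean-lib-2.1.0.tgz" },
    "node_modules/example-native-addon": { version: "4.0.0", integrity: "sha512-CONSTRUCTED", hasInstallScript: true,
      resolved: "https://registry.npmjs.org/example-native-addon/-/example-native-addon-4.0.0.tgz" },
    "node_modules/example-logger-helper": { version: "1.0.3", integrity: "sha512-CONSTRUCTED", hasInstallScript: true,
      resolved: "https://registry.npmjs.org/example-logger-helper/-/example-logger-helper-1.0.3.tgz" },
    "node_modules/example-tarball-dep": { version: "0.1.0",
      resolved: "https://downloads.example.test/example-tarball-dep-0.1.0.tgz" },
  },
};

for (const f of reviewLockfile(SAMPLE_LOCK)) console.log(`${f.name}@${f.version}: ${f.reasons.join("; ")}`);
```

Flagged packages can be inspected before anything executes, and `npm ci --ignore-scripts` installs the tree without running lifecycle scripts.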

Shell companies: the North Korean parallel business 🏢

Attackers do not only write code; they also set up fake companies with serious-sounding names and flawless websites. They look like legitimate startups, but their star product is a RAT camouflaged as useful software. The funny thing is that if they ever decided to issue invoices, they would have to explain to the tax authorities that their only income comes from selling remote access to your files. A barely sustainable business plan, but an effective one.