wavehackr

@[email protected]
24 Followers
25 Following
8 Posts
teach/research malware reversing, threat intelligence. formerly threat intelligence researcher with crowdstrike.
webhttps://chrisdietri.ch
webhttps://threatlab.if-is.net
wavehackrJan 8
hakan “Jan 8

So, Enisa, the cybersecurity agency of the EU, releases a yearly Threat Landscape. In the 2025 edition, they've used AI. And the AI introcuded loads of errors. Five percent of all the links end up 404

One of the researchers.(@wavehackr) told me: "You just had to click once", to check whether the links are valid or not. Upon closer inspection, you'd notice something was amiss just by looking, i.e., Enisa referenced a blogpost by MSFT. The link has "APT29" in it. Microsoft is very picky about those names.

They even have a blogpost about their naming convention (https://learn.microsoft.com/en-us/unified-secops/microsoft-threat-actor-naming) What other companies call APT29, MSFT calls "Midnight Blizzard". The AI apparently didn't dig those subtleties.

Here's the story
https://www.derstandard.at/story/3000000303214/peinliche-panne-bericht-der-eu-agentur-fuer-cybersicherheit-mit-ki-verfasst-und-fehlerhaft

How Microsoft names threat actors - Unified security operations

Learn how Microsoft names threat actors and how to use the naming convention to identify associated intelligence.

Show threadwavehackrJan 8

We’re not anti‑AI. Our aim is to design AI‑based systems that are as fail‑safe as possible and do not alter content without human supervision.

Right now, we don't have solutions at hand, other than QA and strict provenance checks with a human in the loop. #CTI #AI #infosec

Show threadwavehackrJan 8
AI‑assisted threat intel reports create a full‑circle problem: ChatGPT draws on reports that cite “phantom” links, then regurgitates the same unverifiable sources.
Show threadwavehackrJan 8
Would you have spotted the phantom link?
wavehackrJan 8

RE: https://infosec.exchange/@hatr/115859979254394611

It’s 2025 and AI is used *everywhere* – even in threat intelligence writing.
That’s understandable. Careful phrasing is hard, text gen AI can help with that: wording the report.

The catch: It may introduce "phantom links", i.e., confabulated (hallucinated) URLs as sources. Those references cannot be traced back to the primary source, so verification becomes impossible and trust erodes.

wavehackrDec 4
Armchair InvestigatorsDec 3

Kommen euch solche Dateinamen bekannt vor?

invoice_1337_part_1.xlsx
document_1337_part_2.ico
report_1337_part_last.jpg

Regulärer Ausdruck:

(report|invoice|contract|photo|scheme|document)_\d+_part_(\d+|last).(jpg|jpeg|gif|bmp|ico|png|pdf|doc|docx|xls|xlsx|ppt|pptx|mp3|mp4|xml)

wavehackrOct 10
Armchair InvestigatorsOct 10
RELEASE unserer neuen Folge! Nr. 11: Der SolarWinds Hack - Supply-Chain Angriff wie er im Buche steht: https://armchairinvestigators.de/podcast/11-sunspot-der-unsichtbare-vorbote-der-sunburst‑attacke/
#11 Sunspot – Der unsichtbare Vorbote der Sunburst‑Attacke – Armchair Investigators

Ein Dialog zu Malware, Cybercrime, und Cyberspionage in Podcast-Form von Christian Dietrich und Lars Wallenborn

wavehackrFeb 13, 2024
larsbornFeb 11, 2024
If you didn't know: I also do a Podcast (it's in German though). Brining this up right now because Chris —my co-host— and I decided to give this Mastodon thing a spin: https://infosec.exchange/@armchairinvestigators.
Armchair Investigators (@[email protected])

0 Posts, 0 Following, 0 Followers · Armchair Investigators ist ein Podcast im Dialogformat zu Malware, Cybercrime und Cyberspionage.

Infosec Exchange