Microsoft has announced a lawsuit against a foreign-based hacker group, accusing it of misusing artificial intelligence services by establishing an infrastructure to offer hacking services. The company’s Digital Crimes Unit (DCU) discovered that the group manipulated Microsoft AI services, such as Azure OpenAI, to develop malicious software for generating harmful content. The group allegedly sold access to these services to other malicious actors.
Microsoft Claims Theft of API Keys!
According to court documents, the hacker group infiltrated Microsoft systems by using stolen Azure API keys and customer authentication credentials. With this information, they reportedly used the DALL-E model to generate harmful images. Additionally, the group offered this infrastructure as a commercial service, providing instructions to other actors on how to use it.
The group operated through a centralized website called ‘aitism[.]net’ and used intermediary software known as ‘de3u’ to manage their operations. The de3u tool provided an interface to generate visuals from models like DALL-E using stolen API keys. Microsoft also discovered that the group attempted to hide their activities by deleting Rentry.org pages, GitHub repositories, and certain elements of their reverse proxy infrastructure.
Microsoft stated that it detected the threat in July 2024 and has since revoked the group’s access, enhanced security measures, and developed new countermeasures to combat such infrastructure-targeted threats. The company also seized the “aitism[.]net” domain and initiated legal proceedings.
As part of the lawsuit, Microsoft revealed that the group systematically stole API keys and impacted numerous U.S.-based companies. Targeted customers include businesses in Pennsylvania and New Jersey.
What do you think? Share your thoughts in the comments!
{{user}} {{datetime}}
{{text}}