- Threat actors used an AI-generated PowerShell script to enumerate Active Directory, marking a new wave of vibe-coded malware.
- The attack chain included RDP access with compromised credentials, tool staging, and data exfiltration to a remote server.
- AI-assisted attacks lower the barrier to entry for cybercrime, enabling rapid and aggressive campaigns.
- Sygnia observed an AI-assisted cloud attack that advanced from initial access to broad compromise within 72 hours.
Cybersecurity researchers have flagged an intrusion where an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory enumeration. According to Huntress researchers Jevon Ang and Dray Agha, the script mapped the Domain Controller and harvested users, computers, and domains before exporting data into an HTML report.
The attack chain involved the threat actor establishing Remote Desktop Protocol access onto a domain-joined Windows Server using pre-compromised credentials. Tools were staged in the “C:\ProgramData\” folder, including an AI-generated payload described as “highly aggressive” and “noisy.”
The script, titled “100% Working AD Information Gathering Script – FULLY FIXED,” suggests a back-and-forth with a large language model. About 30 minutes later, the attacker deployed s5cmd and SharpShares to enumerate network shares and exfiltrate data to a remote server.
The development is yet another sign that threat actors are augmenting their arsenal with vibe-coded malware. “The underlying attack chain still resembles the tried-and-tested smash-and-grab playbook we’ve seen for years,” Huntress said.
In a separate report, Sygnia revealed that AI-enabled attackers do not necessarily need novel malware or zero-days. The company observed an AI-assisted cloud attack against a large Amazon Web Services environment that progressed from initial access to broad compromise within about 72 hours.
The attacker repeatedly leveraged newly acquired credentials for discovery, secrets harvesting, and persistence. “The significance was not that AI introduced new attack techniques… but that it reduced the time and effort required to operationalize those techniques,” Sygnia pointed out.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
