A single threat actor used Claude and ChatGPT to compromise nine Mexican government agencies and steal hundreds of millions of citizen records in a highly sophisticated cyberattack.

submitted by

https://cybersecuritynews.com/hacker-uses-claude-and-chatgpt-to-breach/

25
393

Log in to comment

Hot Top New Old

Is it just me or do the logos for those companies look like drawings of anuses?

 reply
47
edited

Ultimately I noticed a lot of new scams running around and some gov.br websites serving a lot of scams (they existed before only as redirects to scams, now they seem to be hosted in there too). A friend of mine tried to delete a 2FA token from her phone and got calls about that from a completely different “agency”.

Seems like the script kiddie bar got higher…

Edit: But on this case, the article doesn’t give any source

 reply
42

Wonder if I got a scam call via AI the other day. It seemed more sophisticated than other ones I’ve gotten and things they said to me were very reassuring but I insisted on calling them back via their public-facing support line. Nobody knew what I was talking about when I called back.

 reply
22

This is what’s going to kill the “we’ll hold your place in line for you and call you back” on the automated telephone systems UNLESS the automated system reads/texts you a random 7+ digit code that the rep that “calls you back” has to provide to you.

Otherwise, how the hell do I know you’re actually from my <insert company that has my PII here>.

 reply
16

Probably.

I think almost all calls these days are scams, like phishing, advertisements, voice cloning, the usual nigerian prince (he’s still alive).

 reply
5

A good chunk operate out of 217.199.144.0/22 (Physical location) in Kenya. We have lots of fun with their fixed wireless routers.

 reply
3

There are so many. And scammers keep lists of victims to do more scams to them. My mom has been scammed a few times in different ways for different amounts of money.

 reply
3

This automated system analyzed information across 305 internal servers, rapidly producing 2,597 structured intelligence reports. By automating the data analysis phase, a single operator successfully processed an intelligence volume that would traditionally require an entire team.

That’s a great ad, not gonna lie.

 reply
79

But everyone on Lemmy said LLMs had no usecases

 reply
12

They have lots of use cases for red team. Recon, enumeration, exploit chaining, fuzzing. It doesn’t matter if the error rate is 10-20% a shell is a shell

 reply
14

I imagine it has plenty of use cases for blue team as well, just not as many for active threat response.

 reply
2
edited

It can help you write the patch. Identify threats in a SIEM or SOAR setup. But I can’t think of much else. Defense has to be correct. If your .htaccess file is 99% correct that’s a problem

 reply
4
edited

Can see a few people disagree with you

Does anyone have a good litmus test for when the perspective might shift? TurboQuant making it easier to have larger context windows for local models give me a pinch of hope and I’m really holding out for a decent Open-Weights model I can self host for Home Automation.

I’m fully aware LLMs are just predictive text on roids and we haven’t achieved real AGI, but do we know of anything that will help us filter through the marketing?

 reply
5

You can do it locally now pretty easily depending on your use ass and hardware, huggingface has all the models you’d need and use something like llama-swap

 reply
4

There’s millions of YouTube videos on this subject.

Qwen3.5 is very capable and you can run it on any hardware you have. Just depends on the model size

 reply
2

You can reason from a few principles:

  • At its core, the math functions being optimized by these AI tools and their specialized hardware is that they can perform inference and pattern recognition at huge scales across enormous data sets.
  • Inferring a rule set for pattern also allows generation of new data that fits that pattern.
  • Some portion of human cognitive work falls within the general framework of finding patterns or finding new data that fits an old pattern.

So when people start making claims about things with clear, objective definitions (a win condition in chess, the fastest route to take through a maze, a highest lossless compression algorithm for real world text), it’s reasonable to believe that the current AI infrastructure can lead to breakthroughs on that front. So image recognition, voice recognition, and things like that were largely solved a decade ago. Text generation with clear and simple definitions of good or bad (simple summaries, basic code that accomplishes a clearly defined goal) is what LLMs have been doing well.

On things that have much more fuzzy or even internally inconsistent definitions, the AI world gets much more controversial.

But I happen to believe that finding and exploiting bugs or security vulnerabilities falls more into the well defined problem with well defined successes and failures. So I take it seriously when people claim that AI tools are helpful for developing certain exploits.

 reply
2

you’re seeing massive cope because most of lemmy is tech workers

 reply
0

3D artist here, generative AI models are great at making work that looks super impressive while being completely unuseable for most applications, I suspect this is what most tech workers find too.

 reply
2

How inspiring! Truly motivational! ☕️

 reply
15

How kind of the government to provide these tools to ordinary citizens.

 reply
65

Not the vibe script kiddies

 reply
12

Viber attack, surely

 reply
6

Is that the Vonnegut butthole?

 reply
2
Insert image