CYBERATTACK 3.0: WHEN AI STRIKES WITHOUT A TRACE

"Do you want to fight cybercriminals too? Grab your keyboard and join the front line!"

🤖 Dear internet users and fellow Cyberdefenders,

August 2025. The lines of defense are falling, one by one.

Newsrooms, companies, financial institutions… All are under heavy fire from invisible enemies.

But this time, the attack isn't coming from a hostile planet: it's coming from your own tools—your search engines, your generative AIs, your seemingly harmless files.

The numbers speak for themselves: 600,000 malicious emails blocked in one year by a single newsroom, deepfakes that imitate your colleagues perfectly, trojans camouflaged in ordinary images…

As you read these lines, the enemy is scanning your ports and scrutinizing your habits.

Fake podcasts are targeting executives, AIs are being used to infiltrate companies under the guise of HR, and Trojans recycled from the 2000s are still paralyzing stock markets today.

The war is digital, and you are already on the battlefield.

This issue gives you the keys to understanding the new weapons used in this invisible conflict: offensive AI, precision social engineering, algorithmic espionage, and persistent threats.

A special edition for those who don't want to end up as ransomware fodder.

Ready to fight? Then read on. And above all… stay online.

Highlights:

👉 French Newsrooms vs. Cyberattacks: A Losing Battle? 📰 

👉 AI Enters the Arena: When Hackers and Experts Both Arm Themselves with ChatGPT 🤖 

👉 AI Search Engines Are Spying on You (And You Don't Even Know It) 🔍 

👉 Podcast or Pitfall? The New Ruse Targeting Executives Directly 🎙️ 

👉 GodRAT: The Return of the Phantom Trojan Against Trading Firms 🐀

🗞️​ Guess what ?

  • Journalists are now being trained in cybersecurity practices, just like they are in web writing. This has become a necessity as ransomware attacks on French media multiply.

  • AI is used both to detect vulnerabilities and to launch attacks like phishing or identity theft. But its reliability remains questionable.

  • The National Cybersecurity Agency (ANCS) is warning about the use of AI search engines, highlighting their weak security and the risk of sensitive data leaks. It recommends certified platforms and digital hygiene practices.

  • A formidable scam is targeting executives and influencers through fake podcasts. The goal? To gain remote access to their machines to hijack their accounts.

  • A new Trojan, named GodRAT, is infecting financial firms via booby-trapped screensaver files. Based on old code from 2008, it shows just how effective yesterday's tools remain today.

🤓​ Would you like to know more?

1️⃣ French Newsrooms vs. Cyberattacks: A Losing Battle?

Summary : French newsrooms have become prime targets for cybercriminals, whether motivated by money or political goals. Faced with increasingly sophisticated attacks, media outlets are investing in cybersecurity: VPNs, training, cyber-insurance… But resources remain limited, cultural barriers are numerous, and budgets are often insufficient. The historic 2015 attack on TV5 Monde still illustrates the trauma of a newsroom paralyzed overnight. Training, too often neglected, is becoming a major issue, as human error accounts for over 80% of attack vectors.

Details:

  • Attacks on the Rise: ANSSI (France's national cybersecurity agency) noted a 15% increase in attacks in 2024. The media is particularly exposed, especially to ransomware.

  • A Heavy Toll: Attacks have continued, with severe financial and operational consequences. Victims include TV5 Monde, M6, Ouest-France, and Libération.

  • Tools in Place: Media outlets are investing in tools like VPNs, antivirus software, and password managers, as well as cyber-insurance and secure platforms like SwissTransfer to protect data exchanges.

  • Deficient Training: Lack of time prevents journalists from getting trained. Yet, security experts consider awareness crucial.

  • Constrained Budgets: Investments remain timid (5 to 6% of the IT department's budget) but are essential when facing organized and well-funded groups.

What should be remembered?

Media outlets must react quickly, as they have become both symbolic and technical targets. Cybercriminals exploit their visibility to strike hard, but without sustained training and investment, their resilience remains fragile.

 —————————————————————————

2️⃣ AI Enters the Arena: When Hackers and Experts Both Arm Themselves with ChatGPT

Summary : AI is a game-changer in cybersecurity. Used by both cyber defenders and hackers, it has become a force multiplier. From code generation to identity theft via deepfakes, tools like ChatGPT are at the heart of a new digital war. However, their use remains controversial: few real vulnerabilities have been discovered, a lot of "noise" is generated, and there are risks of disinformation. Projects like Xbow show a possible future, but experts urge caution regarding the real impact of AI in the field.

Details:

  • Dual Use: AI is used by attackers to create malicious code or generate phishing content, but also by analysts to automate detection.

  • Xbow on HackerOne: This AI reached the top of the leaderboard before the platform separated humans from AIs, signaling its real effectiveness… or its cunning.

  • Risk of Saturation: Experts like Daniel Stenberg (creator of curl) are calling out the massive quantity of useless reports generated by AI.

  • Hybrid Threats: North Korean hackers are using AI to create fake profiles and infiltrate Western tech companies.

  • Amplification Effect: While AI may not find innovative vulnerabilities on its own, it accelerates compromise campaigns and information-gathering operations.

What should be remembered?

AI in cybersecurity is a double-edged sword: it speeds up analysis but also increases noise and risks. Its future will depend on our ability to regulate its uses without stifling innovation.

 ——————————————————————

3️⃣​ AI Search Engines Are Spying on You (And You Don't Even Know It)

Summary : The National Cybersecurity Agency (ANCS) is warning against the unregulated use of AI search engines. These platforms, often seen as convenient, can become vectors for sensitive information leaks. Entering a password or an identification number into these tools exposes users to hacking risks. The ANCS reiterates the importance of choosing secure services, reading privacy policies, and adopting simple habits to limit the collection and exploitation of personal data.

Details:

  • Sensitive Data: Avoid entering passwords, social security numbers, banking details, or medical data.

  • Preferred Platforms: Opt for search engines with clear and transparent policies that are certified or recognized.

  • Secure Browsing: Use incognito mode, regularly delete your history, and monitor your search terms.

  • Links and Phishing: Do not click on suspicious results. AI search engines can sometimes index fraudulent sites.

  • Active Privacy: Use integrated data management tools to better control your digital footprint.

What should be remembered?

AI search engines are not neutral. Their efficiency masks significant risks of leaks and manipulation. Vigilance, digital hygiene, and active privacy management are essential.

  ————————————————————-

4️⃣ Podcast or Pitfall? The New Ruse Targeting Executives Directly

Summary : A new scam is plaguing the professional world: fake celebrity podcasts. Behind an enticing offer of an interview and payment lies an attempt to intrude via remote access software. The goal: to steal credentials, compromise company accounts, and break into IT systems. The Better Business Bureau (BBB) is warning about this stratagem, which now targets executives and managers using classic social engineering techniques.

Details:

  • The Bait: A fake podcast team contacts professionals, offering them an interview and $2000 for their testimony.

  • The Trap: The "technical test" stage is used to get the target to install remote access software.

  • The Theft: The attackers retrieve credentials and take control of sensitive accounts.

  • Expanded Targets: It's no longer just influencers being targeted, but executives and industry specialists.

  • Prevention: Verifying emails, being cautious with unsolicited offers, and training in social engineering are recommended.

What should be remembered?

Cybercriminals are becoming increasingly creative to deceive the most strategic targets. The fake podcast scam shows how social engineering remains the most formidable weapon in modern cyber warfare.

5️⃣ GodRAT: The Return of the Phantom Trojan Against Trading Firms

Summary : A new Trojan named GodRAT is targeting trading companies via Skype and booby-trapped SCR files. This malware, based on the old Gh0st RAT code, uses steganography to hide shellcode in images. It is capable of stealing files, injecting malicious payloads, and exfiltrating browser passwords. Identified by Kaspersky, this modular Trojan illustrates the disturbing longevity of certain codebases used by APT groups, notably Winnti.

Details:

  • Infection Technique: Victims receive SCR (screensaver) files via Skype, allegedly related to financial documents.

  • Steganography: Shellcode hidden in JPG images triggers the download of GodRAT from a C2 server.

  • Functionalities: Its capabilities include espionage, command execution, data exfiltration, and the delivery of secondary trojans such as AsyncRAT.

  • Geographic Targeting: Attacks have been observed in Hong Kong, the United Arab Emirates, Malaysia, Lebanon, and Jordan.

  • Origin: The malware is an evolution of AwesomePuppet, linked to the APT41 (Winnti) group, with its source code recently found on VirusTotal.

What should be remembered?

Old malicious code such as Gh0st RAT is being recycled to attack high-value financial targets. The combination of modern techniques (steganography) with proven code makes these threats particularly effective and persistent.
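
For defenders, the lure described above (a screensaver file presented as a financial document) can be caught by checking what a received file is rather than what it is called. The following is an added example, not code from Kaspersky or from this newsletter; the extension lists, file names and sample bytes are constructed for illustration.

```python
import struct

# Extensions Windows treats as programs; a .scr screensaver is a normal PE executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com"}
# Document and image types a finance-themed lure might imitate (list assumed here).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def is_pe(data: bytes) -> bool:
    """True if the DOS header at offset 0 points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extensions(name: str) -> list:
    """Lower-cased extensions, last first: 'Q3.pdf.scr' -> ['.scr', '.pdf']."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.lower().rstrip(". ").split(".")[1:]
    return ["." + p.strip() for p in reversed(parts)]


def triage(name: str, data: bytes) -> list:
    """Return the reasons, if any, to hold a received file for review."""
    exts = extensions(name)
    last = exts[0] if exts else ""
    findings = []
    if last == ".scr":
        findings.append("screensaver-extension")
    if last in EXECUTABLE_EXTS and len(exts) > 1 and exts[1] in DOCUMENT_EXTS:
        findings.append("document-name-on-executable")
    if is_pe(data):
        # Content decides, not the name: a PE renamed to .jpg is still a program.
        findings.append("pe-content" if last in EXECUTABLE_EXTS
                        else "pe-content-under-harmless-name")
    return findings


# Constructed samples: a 68-byte stub with valid MZ/PE markers and a JPEG prefix.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
FAKE_JPG = b"\xff\xd8\xff\xe0" + b"\x00" * 64
SAMPLES = [("Q3_statement.pdf.scr", FAKE_PE), ("invoice.jpg", FAKE_PE),
           ("holiday.scr. ", FAKE_PE), ("photo.jpg", FAKE_JPG)]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name!r}: {triage(name, data) or 'no findings'}")
```

A check like this belongs on the mail or chat gateway and on the endpoint download folder, so that a flagged file is held before anyone double-clicks it.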

⚙️​ Digital Combat Ops

🛡️​​​ Corporate Antivirus : Your First Line of Defense Against Digital Chaos

A high-performance antivirus acts as an active shield against cyber threats: viruses, trojans, ransomware, and other malware. It scans files, watches for suspicious behavior, and inspects network traffic in real time to block any intrusion attempt.

Thanks to behavioral analysis and machine learning, it can detect the latest attacks, even unknown ones (zero-day). When a threat is identified, it is immediately quarantined, neutralized, and deleted. This not only protects sensitive data but also ensures business continuity and the stability of critical systems.

To get the most out of an antivirus, you must keep it updated, schedule regular scans, combine it with other defenses (firewall, network segmentation), and educate employees about the risks.

LIEUTENANT’S REPORT 🏆

CrowdStrike — The Falcon That Hunts AI Cyber-Spies

CrowdStrike is an American company specializing in proactive cybersecurity, founded in 2011. Its flagship product, Falcon, is built on a cloud-native architecture capable of detecting, preventing, and responding to threats on endpoints and servers in real time.

Used by many Fortune 500 companies, CrowdStrike is recognized for its effectiveness in hunting APTs and its ability to analyze billions of events per day.

Highlight:

In 2025, CrowdStrike alerted the community to a sophisticated North Korean operation using generative AI to deceive the recruitment processes of large tech companies.

Falsified profiles—resumes, social media, video interviews—were created via AI to infiltrate companies and access sensitive data. Once hired, the sleeper agents also used AI to interact with their colleagues and produce code.

Thanks to Falcon's behavioral detection tools, several cases were spotted in time, preventing massive information leaks.

CYBERTRIVIA - DID YOU KNOW? 🤔

💡 35% of cyberattacks have exploited recent techniques since the pandemic

Before the health crisis, only 1 in 5 attacks used emerging technologies. Since Covid, that figure has risen to 35%. Hackers have taken advantage of the instability to experiment with modern approaches like advanced phishing, fake AI profiles, and multi-stage ransomware.

The result: insurers are revising their models, premiums are skyrocketing, and SMEs are struggling to protect themselves. The cyber-insurance landscape is transforming, mirroring the threat itself—faster, more targeted, and ever harder to anticipate.

"This is for all the newcomers: I have only one rule. Everyone fights. No one quits."