What do the words bakso, sate, and rendang bring to mind? For many, the answer is “nothing”; foodies will recognize them as Indonesian staples; while those who follow cybersecurity news will remember an attack on the Node Package Manager (npm) ecosystem — the tool that lets developers use prebuilt libraries instead of writing every line of code from scratch.
In mid-November, security researcher Paul McCarty reported the discovery of a spam campaign aimed at cluttering the npm registry. Of course, meaningless packages have appeared in the registry before, but in this case, tens of thousands of modules were found with no useful function. Their sole purpose was to inject completely unnecessary dependencies into projects.
The package names featured randomly inserted Indonesian dish names and culinary terms such as bakso, sate, and rendang, which is how the campaign earned the moniker “IndonesianFoods”. The scale was impressive: at the time of discovery, approximately 86 000 packages had been identified.
Below, we dive into how this happened, and what the attackers were actually after.
Inside IndonesianFoods
At first glance, the IndonesianFoods packages didn’t look like obvious junk. They featured standard structures, valid configuration files, and even well-formatted documentation. According to researchers at Endor Labs, this camouflage allowed the packages to persist in the npm registry for nearly two years.
It’s not as if the attackers were aggressively trying to insert their creations into external projects. Instead, they simply flooded the ecosystem with legitimate-looking code, waiting for someone to make a typo or accidentally pick their library from search results. It’s a bit unclear exactly what you’d have to be searching for to mistake a package name for an Indonesian dish, but the original research notes that at least 11 projects somehow managed to include these packages in their builds.
A small portion of these junk packages had a self-replication mechanism baked in: once installed, they would create and publish new packages to the npm registry every seven seconds. These new modules featured random names (also related to Indonesian cuisine) and version numbers — all published, as you’d expect, using the victim’s credentials.
Other malicious packages integrated with the TEA blockchain platform. The TEA project was designed to reward open-source creators with tokens in proportion to the popularity and usage of their code — theoretically operating on a “Proof of Contribution” model.
A significant portion of these packages contained no actual functionality at all, yet they often carried a dozen dependencies — which, as you might guess, pointed to other spam projects within the same campaign. Thus, if a victim mistakenly includes one of these malicious packages, it pulls in several others, some of which have their own dependencies. The result is a final project cluttered with a massive amount of redundant code.
What’s in it for the attackers?
There are two primary theories. The most obvious is that this entire elaborate spam campaign was designed to exploit the aforementioned TEA protocol. Essentially, without making any useful contribution to the open-source community, the attackers earn TEA tokens — which are standard digital assets that can be swapped for other cryptocurrencies on exchanges. By using a web of dependencies and self-replication mechanisms, the attackers pose as legitimate open-source developers to artificially inflate the significance and usage metrics of their packages. In the README files of certain packages, the attackers even boast about their earnings.
However, there’s a more chilling theory. For instance, researcher Garrett Calpouzos suggests that what we’re seeing is merely a proof of concept. The IndonesianFoods campaign could be road-testing a new malware delivery method intended to be sold later to other threat actors.
Why you don’t want junk in your projects
At first glance, the danger to software development organizations might not be obvious: sure, IndonesianFoods clutters the ecosystem, but it doesn’t seem to carry an immediate threat like ransomware or data breaches. However, redundant dependencies bloat code and waste developers’ system resources. Furthermore, junk packages published under your organization’s name can take a serious toll on your reputation within the developer community.
We also can’t dismiss Calpouzos’s theory. If those spam packages pulled into your software receive an update that introduces truly malicious functionality, they could become a threat not just to your organization, but to your users as well — evolving into a full-blown supply chain attack.
How to safeguard your organization
Spam packages don’t just wander into a project on their own; installing them requires a lapse in judgment from a developer. Therefore, we recommend regularly raising awareness among employees — even the tech-savvy ones — about modern cyberthreats. Our interactive training platform, KASAP (Kaspersky Automated Security Awareness Platform), can help with that.
A few years ago, most cyberattacks still depended heavily on human effort—skilled operators manually probing systems, testing vulnerabilities, and executing campaigns step by step.
That model is quietly breaking down.
In conversations with security teams and analysts over the past year, one theme keeps coming up: attackers are no longer just using tools—they’re starting to deploy systems that can think, adapt, and act on their own. This is where AI-powered cyber warfare begins to shift from buzzword to reality.
At the center of this shift are autonomous attack agents, AI-driven systems that don’t just assist attackers but actively participate in decision-making. And that changes the threat landscape in a very real way.
What is AI-Powered Cyber Warfare?
At its simplest, AI-powered cyber warfare refers to the use of artificial intelligence and machine learning to enhance cyberattacks. But that definition doesn’t quite capture what’s happening on the ground.
What’s different now is how AI is being used.
Instead of just automating repetitive tasks, attackers are beginning to rely on AI to:
Continuously scan and map attack surfaces
Prioritize targets based on probability of success
Adjust tactics mid-attack
Learn from failures and retry with improved strategies
One security researcher recently described it as “moving from scripts to systems.” That distinction matters. Scripts execute instructions. Systems adapt.
This is why the AI threat landscape feels more unpredictable today—it’s no longer just about known techniques, but evolving behavior.
Understanding Autonomous Attack Agents
If there’s one concept security leaders are increasingly concerned about, it’s autonomous attack agents.
These aren’t hypothetical. Early versions are already being observed in the wild—particularly in automated reconnaissance and vulnerability scanning campaigns.
For example, researchers have documented AI-assisted tools that can:
Crawl entire infrastructures in minutes
Identify misconfigurations across cloud environments
Chain vulnerabilities together without manual input
In one recent case study discussed in security circles, an AI-assisted system was able to simulate multiple attack paths against a target environment and automatically select the most efficient route. That’s a level of decision-making that traditionally required experienced human operators.
This is what makes AI attack agents so significant—they compress both time and expertise. What once required a skilled team can increasingly be done by a single operator backed by intelligent systems.
How AI is Changing Cyberattacks
The shift toward AI-driven attacks is already visible across several fronts.
1. AI-Powered Malware
We’re seeing early signs of AI-powered malware that can alter its behavior to avoid detection. Instead of relying on fixed signatures, these threats experiment—adjusting execution patterns until they find a way through.
While still evolving, this approach is forcing defenders to rethink how detection works.
2. Smarter Phishing and Deepfakes
Perhaps the most visible impact of AI is in phishing.
Security teams report a noticeable increase in highly personalized phishing emails—messages that reflect tone, context, and even internal communication styles. With generative AI, attackers can now scale this level of personalization effortlessly.
Add deepfake audio or video into the mix, and AI-driven cyber attacks start to blur the line between technical compromise and social engineering.
3. Real-Time Decision Making
AI doesn’t wait.
Attack systems can process signals in real time—whether it’s detecting a defensive response or identifying a new entry point—and adjust instantly. This gives attackers a speed advantage that traditional defenses often struggle to match.
4. Scalable, Automated Attacks
Automation isn’t new in cybersecurity, but AI takes it further.
With automated penetration attacks, a single campaign can test thousands of variations simultaneously. Instead of guessing what might work, attackers can experiment at scale.
A Rapidly Evolving Threat Landscape
From an analyst’s perspective, the biggest shift isn’t just technical—it’s operational.
We’re moving from a world of occasional, targeted attacks to one of continuous, adaptive pressure.
That translates into:
Shorter detection and response windows
A constant stream of attack attempts
More sophisticated and evolving tactics
A growing presence of intelligent cyber threats
In discussions with CISOs, a common concern is fatigue—not just human fatigue, but system fatigue. Defenses designed for periodic threats are now dealing with persistent, automated adversaries.
Blaze AI and the Shift Toward AI-Driven Defense
If attackers are using AI to scale and adapt, defenders are being pushed in the same direction.
This is where platforms like Blaze AI become relevant—not as a silver bullet, but as part of a broader shift toward intelligent defense.
Instead of relying purely on predefined rules, Blaze AI focuses on:
Detecting patterns and anomalies in real time
Automating threat analysis and response
Providing visibility into emerging AI-driven cyber threats
From what we’re seeing across the industry, this reflects a larger trend: cybersecurity is becoming a contest of learning systems. In other words, AI vs cybersecurity defense is no longer a future concept—it’s already underway.
How to Defend Against AI-Powered Cyber Attacks
There’s no single solution to counter AI-powered cyber warfare, but there are clear priorities emerging across organizations:
1. Adopt AI-Driven Security Tools
Static defenses struggle against adaptive threats. AI-based systems help identify patterns that don’t match known attack signatures.
2. Strengthen Threat Intelligence
Understanding emerging AI security risks is critical. The faster teams can contextualize new threats, the better they can respond.
3. Implement Zero-Trust Architectures
Limiting access and continuously verifying users reduces the attack surface—especially important against automated systems.
4. Don’t Ignore the Human Layer
Even the most advanced attacks still exploit human behavior. Training employees to recognize sophisticated phishing and manipulation attempts remains essential.
The Future of Cyber Warfare
Looking ahead, the trajectory is fairly clear.
We’re entering a phase where artificial intelligence in cyber warfare becomes standard practice on both sides. Attackers will continue experimenting with autonomy, while defenders will invest in systems that can respond just as quickly.
The question isn’t whether AI will dominate cyber operations—it’s how quickly organizations can adapt to that reality.
Conclusion
From an analyst standpoint, this moment feels like an inflection point.
The rise of autonomous attack agents, AI-powered malware, and increasingly intelligent cyber threats signals a shift toward faster, more adaptive cyber conflict.
Organizations that treat this as a distant concern risk falling behind. Those that start integrating AI into their defense strategy today will be far better positioned for what’s coming next.
Don’t wait for threats to outpace your defenses. Experience how Cyble Blaze AI can transform your security operations with predictive intelligence and autonomous response. Request a personalized demo today and take the first step toward truly proactive cybersecurity.
Frequently Asked Questions (FAQs) about AI-powered cyber warfare
What are autonomous attack agents?
Autonomous attack agents are AI systems capable of independently identifying vulnerabilities and launching cyberattacks with minimal human intervention.
How is AI used in cyber warfare?
AI is used to automate attacks, improve targeting, evade detection, and scale operations more efficiently.
Is AI making cyberattacks more dangerous?
Yes. AI increases both the speed and sophistication of cyberattacks, making them harder to detect and respond to.
What is Blaze AI in cybersecurity?
Blaze AI is an artificial intelligence-powered cybersecurity solution that combines intelligence and automation to detect, analyze, and respond to modern cyber threats.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-18 12:08:402026-03-18 12:08:40AI-Powered Cyber Warfare: How Autonomous Attack Agents Are Changing the Threat Landscape
MTTR is where strategy meets reality. In security operations, it is the margin between a contained incident and a catastrophic breach.
You can have perfect detection coverage, cutting-edge telemetry, and a wall of dashboards glowing like a spaceship cockpit. But if your team takes too long to respond, the attacker still wins the clock.
Reducing Mean Time to Respond is not about shaving seconds for vanity metrics. It is about compressing the window in which damage happens. And the fastest way to do that is not more alerts, but better intelligence.
Key Takeaways
MTTR is not just an operational metric. It is a direct measure of how long your business is exposed during an active threat. Every minute counts in financial, reputational, and regulatory terms.
Lower MTTR is achievable only through systematic improvement across all SOC workflows: detection, triage, threat hunting, incident response, and vulnerability management.
Threat intelligence quality is the single highest-leverage variable in every stage of MTTR reduction; bad or slow intelligence creates bottlenecks that no amount of headcount can overcome.
For CISOs and security leaders, ANY.RUN Threat Intelligence translates into a defensible, budget-aligned story: measurable MTTR reduction, reduced analyst burnout, and tangible alignment with business risk reduction.
Beyond the Number: What MTTR Actually Measures
MTTR — Mean Time to Respond — captures the average elapsed time from threat detection to full incident remediation. It is a compound metric that absorbs the latency of every step in your response chain: detection, alert triage, investigation, containment, eradication, and recovery. A high MTTR does not merely indicate a slow team; it indicates structural friction somewhere in that chain.
For experienced security leaders, this distinction matters enormously. Chasing MTTR as a raw number is a management trap. Understanding MTTR as a diagnostic readout of your entire SOC’s operational health is a strategic advantage.
Why leadership cares about MTTR
Direct financial impact. Longer response times increase remediation costs, legal exposure, and downtime.
Operational continuity. Faster containment keeps business processes running.
Regulatory and compliance pressure. Many frameworks implicitly reward faster detection and response cycles;
Reputation protection. The difference between a minor incident and a headline breach is often measured in hours.
When presenting to the board, this framing transforms MTTR from a technical KPI into a business risk metric with direct financial and compliance implications.
Turn faster response into measurable business risk reduction
with ANY.RUN Threat Intelligence
A low MTTR signals something deeper: a SOC that understands what it sees and acts without hesitation. From an operational perspective, MTTR is the output of three interacting variables: the quality of your detections, the speed of your analyst workflows, and the fidelity of your threat intelligence. A team that receives high-fidelity, context-rich alerts and has instant access to deep threat intelligence will always outperform an equally staffed team working with noisy, low-context alerts and manual enrichment processes.
The cost of poor or slow threat intelligence is borne in analyst hours, extended dwell times, and the compounding risk of delayed containment.
The Board-Level Framing
When making the case for investment in MTTR reduction capabilities, security leaders should ground the conversation in three dimensions:
Financial exposure: quantify the average cost per hour of active incident dwell time, drawing on breach cost benchmarks relevant to your sector.
Regulatory risk: map MTTR gaps to breach notification obligations and the financial penalties associated with late disclosure.
Operational resilience: frame MTTR reduction as a measure of how quickly the business can return to normal operations after a security event (a direct input into business continuity metrics that boards track).
How SOC Workflows Shape MTTR
MTTR is not owned by one team. It is the emergent result of everything your SOC does. Here is how different workflows influence it:
SOC processes impacting responce time
Each of these workflows is, in effect, a constraint in a pipeline. MTTR optimization requires removing the binding constraint — and in the majority of SOC environments, that constraint is the quality, speed, and accessibility of threat intelligence.
How ANY.RUN Threat Intelligence Optimizes Every SOC Workflow
ANY.RUN Threat Intelligence is a set of capabilities designed to address the most persistent sources of MTTR inflation: intelligence latency, analyst enrichment overhead, and incomplete threat context. It is composed of three tightly integrated components: Threat Intelligence Feeds, Threat Intelligence Lookup, and the ANY.RUN Interactive Sandbox. Together, they form a comprehensive intelligence layer that accelerates every stage of the response chain described above.
Threat Intelligence Feeds: Eliminating Intelligence Latency at Scale
ANY.RUN’s Threat Intelligence Feeds deliver a continuous, real-time stream of high-confidence indicators of compromise (IP addresses, domains, URLs) extracted directly from live malware analysis sessions conducted in the ANY.RUN sandbox environment. Originating from first-hand dynamic analysis places them among the most timely and behaviorally validated IOC sources available.
Indicators in Threat Intelligence Feeds
For SOC teams, this distinction is critical. An IOC that has been validated through behavioral sandbox analysis carries far more operational confidence than one extracted from a static signature or passive aggregation. Analysts and automated playbooks can act on it immediately — without the validation overhead that depresses response speed and inflates MTTR.
What Feeds Deliver Across SOC Workflows
1. Alert Triage: Context-rich IOCs reduce the investigation burden on tier1/tier2 analysts. When an alert fires against a known, characterized IOC, analysts have immediate access to associated threat actor, malware family, and behavioral context, eliminating the manual lookup step that typically consumes 15-30 minutes per alert.
2. Automated Response: High-confidence IOCs from ANY.RUN TI Feeds can trigger automated blocking, quarantine, and notification playbooks with low risk of false-positive action.
3. Threat Hunting: Teams can use the feeds as fresh hypotheses for proactive hunts, immediately operationalizing newly observed IOCs from the broader threat landscape.
4. Detection Engineering & SIEM: Feeds integrate directly into SIEM and SOAR platforms via STIX/TAXII, CSV, and JSON formats, enabling continuous rule enrichment without manual input. Detection coverage stays current with the threat landscape automatically.
The solutions that TI Feeds work with
The net effect on MTTR is compounded across the SOC: faster detection, faster triage, faster automated response, and faster hunting cycles, all driven by the elimination of intelligence latency.
Threat Intelligence Lookup: Compressing Analyst Investigation Time
ANY.RUN Threat Intelligence Lookup provides analysts with instant, deep analysis of any artifact — file hash, IP address, domain, or URL — against a continuously updated database of analyzed threats. This is not a static reputation check. It surfaces detailed behavioral context: what a file does when executed, what network infrastructure it communicates with, what threat actor campaigns it is associated with, and what MITRE ATT&CK techniques it employs.
IP detected as Moonrise RAT infrastruscture with linked sandbox analyses for behavior data
What Lookup Delivers Across SOC Workflows
1. Tier 1/Tier 2 Triage: Analysts can validate any suspicious artifact in seconds, obtaining verdict, behavioral context, associated IOCs, and sandbox analysis links: enough to make an escalation or closure decision without further research.
2. Incident Response: During an active incident, IR teams need to rapidly characterize malware capabilities, map likely lateral movement paths, and determine containment scope. TI Lookup provides instant access to this context, allowing IR teams to act on complete information rather than conducting time-consuming analysis under pressure.
3. Threat Hunting: Hunters can validate hypotheses at scale by running bulk lookups against historical endpoint and network telemetry, rapidly separating genuine threat signals from environmental noise.
4. Management Reporting: Lookup data supports evidence-based MTTR reporting — analysts can demonstrate exactly what intelligence was available, when it was accessed, and how it informed decisions, providing an audit trail that supports both operational review and regulatory compliance.
While TI Feeds and TI Lookup capabilities address the speed dimension of threat intelligence, ANY.RUN’s Interactive Sandbox addresses the depth dimension. It provides analysts with an interactive malware analysis environment that delivers full behavioral visibility — process trees, network traffic, registry changes, file system activity, and MITRE ATT&CK technique mapping — without requiring reverse engineering expertise.
For SOC teams, this means that complex malware analysis, which would previously require escalation to a specialist (adding hours or days to MTTR), can now be performed by any competent analyst. This has a direct and measurable impact on MTTR, particularly in the incident response and escalation phases where analysis bottlenecks most commonly occur.
Shrink incident response time and minimize breach impact
with real-time TI solutions
Security leaders face a persistent translation problem: the operational metrics that matter inside the SOC do not naturally map to the language of business risk, financial exposure, and strategic investment. ANY.RUN Threat Intelligence bridges this gap by delivering improvements that are simultaneously operationally meaningful and strategically defensible:
Risk Reduction: Faster MTTR directly reduces organizational exposure during active incidents. For every workflow improvement driven by ANY.RUN intelligence, the window of active risk narrows, translating into lower expected breach costs and reduced regulatory exposure.
Analyst Capacity: The manual enrichment and validation work that ANY.RUN Feeds and Lookup eliminate is not just slow, it is expensive. Reclaiming analyst hours from repetitive intelligence gathering and redirecting them toward higher-order investigation and hunting delivers measurable capacity gains without headcount increases.
Scalability Without Linear Cost Growth: As threat volumes increase, organizations that rely on manual intelligence processes face a linear scaling problem — more alerts require more analysts. ANY.RUN Threat Intelligence breaks this dependency by automating the intelligence layer, allowing SIEM/SOAR platforms to absorb greater alert volumes without proportional analyst overhead.
Compliance and Audit Readiness: Regulators and insurers increasingly scrutinize incident response timelines. ANY.RUN’s structured, documented intelligence data supports post-incident reporting and demonstrates a defensible security program, reducing regulatory risk and potentially influencing cyber insurance premiums.
Talent Retention: Analyst burnout is a leading cause of SOC attrition. The cognitive load of manual enrichment, alert fatigue, and tool-switching is a known driver of analyst dissatisfaction. ANY.RUN Threat Intelligence reduces this burden, contributing to the working environment improvements that retain experienced analysts.
Addressing Security Leaders’ Core Pains
The decision-makers most likely to evaluate ANY.RUN Threat Intelligence are managing a recognizable set of pressures: too many alerts, too few analysts, insufficient confidence in intelligence quality, difficulty demonstrating security ROI, and the constant risk of a major incident that would expose all three.
Key steps to cutting MTTR with real-time TI
ANY.RUN Threat Intelligence addresses each of these directly. It does not require a wholesale platform replacement. It integrates with existing SIEM, SOAR, and TIP infrastructure. It delivers immediate capability improvements from day one of deployment. And it provides a documented, measurable improvement in detection and response performance that security leaders need to defend budget allocations and demonstrate program maturity.
Conclusion
MTTR is the number that tells you whether your security program is actually working. Under pressure, against real threats. Every minute of MTTR that you cannot account for is a minute of active risk that your organization is absorbing.
The path to lower MTTR runs through better threat intelligence. Intelligence that is timely enough to act on immediately. Intelligence that is rich enough to eliminate investigation bottlenecks. Intelligence that integrates cleanly into your existing workflows so that improvement is structural, not dependent on individual analyst heroics.
ANY.RUN Threat Intelligence — through its Feeds, Lookup, and Sandbox capabilities — is built to deliver exactly this. It addresses the real operational problems that inflate MTTR in modern SOC environments: intelligence latency, enrichment overhead, analysis depth limitations, and the manual work that consumes analyst capacity that should be directed at threat response.
For SOC leaders looking to demonstrate measurable improvement in their teams’ performance, for CISOs making the case for sustained security investment, and for business leaders who understand that security outcomes have direct financial consequences, MTTR reduction through better threat intelligence is not a technical project — it is a strategic imperative.
About ANY.RUN
As a leading provider of interactive malware analysis and threat intelligence, ANY.RUN is trusted by over 600,000 analysts across 15,000 organizations worldwide. Its solutions enable teams to investigate threats in real time, trace full execution chains, and surface critical behaviors within seconds.
Safely detonate samples, interact with them as they run, and instantly pivot to network traces, file system changes, registry activity, and memory artifacts in ANY.RUN’s Interactive Sandbox. For threat intelligence insights, integrate TI Lookup and TI Feeds supplying enriched IOCs and automation-ready intelligence.
ANY.RUN meets enterprise security and compliance expectations. The company is SOC 2 Type II certified, reinforcing its commitment to protecting customer data and maintaining strong security controls.
FAQ
What is the fastest way to reduce MTTR?
Improve access to contextual threat intelligence to eliminate investigation delays.
Why does MTTR matter more than MTTD in some cases?
Because detecting a threat quickly does not help if response is slow or ineffective.
How does threat intelligence improve SOC workflows?
It enriches alerts, prioritizes threats, and accelerates investigation and response decisions.
Can MTTR be reduced without increasing SOC headcount?
Yes, by optimizing workflows and providing better intelligence to analysts.
What is the biggest bottleneck in MTTR today?
Lack of context and fragmented data across multiple systems.
How do Threat Intelligence Feeds help SOC teams?
They enable faster detection, reduce false positives, and support automation.
What role does Threat Intelligence Lookup play?
It provides deep, immediate context for indicators, speeding up investigations.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-18 11:06:262026-03-18 11:06:26How to Reduce MTTR in Your SOC with Better Threat Intelligence
COM automation is a core Windows technology that allows code to access external functionality through well-defined interfaces. It is similar to traditionally loading a DLL, but is class-based rather than function-based. Many advanced Windows capabilities are exposed through COM, such as Windows Management Instrumentation (WMI).
Scripting and late-bound COM calls operate through the IDispatch interface. This creates a key analysis point that many types of malware leverage when interacting with Windows components.This analysis point is quite complex and hard to safely instrumentate at scale.
In this article, Cisco Talos presents DispatchLogger, a new open-source tool that closes this gap by delivering high visibility into late-bound IDispatch COM object interactions via transparent proxy interception.
This blog describes the architecture, implementation challenges, and practical applications of comprehensive COM automation logging for malware analysis. This technique can be utilized on multiple types of malware.
Malwaretype
Bindingtype
Est.coverage
Windows Script Host
Always Late
100%
PowerShell COM
Always Late
100%
AutoIT
Always Late
100%
VBA Macros
Mostly Late
95%
VB6 Malware
Mixed
65%
.NET COM Interop
Mixed
60%
C++ Malware
Rarely Late (WMI)
10%
The challenge
Modern script-based malware (e.g., VBScript, JScript, PowerShell) relies heavily on COM automation to perform malicious operations. Traditional dynamic analysis tools capture low-level API calls but miss the semantic meaning of high-level COM interactions. Consider this attack pattern:
Figure 1. Sample VBScript code to create a process with WMI as its parent.
Behavioral monitoring will detect process creation, but the analyst often loses critical context such as who launched the process. In this scenario WMI spawns new processes with wmic.exe or wmiprvse.exe as the parent.
Technical approach
Interception strategy
DispatchLogger starts with API hooking at the COM instantiation boundary. Every COM object creation in Windows flows through a small set of API functions. By intercepting these functions and returning transparent proxies deep visibility can be achieved without modifying malware behavior.
The core API hooking targets are:
CoCreateInstance: Primary COM object instantiation (CreateObject in scripts)
CoGetClassObject: Class factory retrieval
GetActiveObject: Attachment to running COM instances
Initial implementation attempts hooked only CoCreateInstance, filtering for direct IDispatch requests. However, testing revealed that most VBScript CreateObject calls were not being intercepted.
To diagnose this a minimal ActiveX library was created with a MsgBox in Class_Initialize to freeze the process. The VBScript was launched, and a debugger attached to examine the call stack. The following code flow was revealed:
Figure 2. Call stack showing how VBScript obtains a target IDispatch interface.
Disassembly of vbscript.dll!GetObjectFromProgID (see Figure 3) confirmed the pattern. VBScript’s internal implementation requests IUnknown first, then queries for IDispatch afterward:
Figure 3. Disassembly of vbscript.dll!GetObjectFromProgID.
The key line is CreateInstance(NULL, IID_IUnknown, &ppunk). Here, VBScript explicitly requests IUnknown, not IDispatch. This occurs because VBScript needs to perform additional safety checks and interface validation before accessing the IDispatch interface.
If we only wrap objects when IDispatch is directly requested in CoCreateInstance, we miss the majority of script instantiations. The solution is to also hook CoGetClassObject and wrap the returned IClassFactory:
Figure 4. Returning a Class Factory proxy from the CoGetClassObject API Hook.
The ClassFactoryProxy intercepts CreateInstance calls and handles both cases:
Figure 5. Returning an IDispatch Proxy from ClassFactoryProxy::CreateInstance if possible.
This ensures coverage regardless of which interface the script engine initially requests.
Architecture
Proxy implementation
The DispatchProxy class implements IDispatch by forwarding all calls to the wrapped object while logging parameters, return values, and method names. If the function call returns another object, we test for IDispatch and automatically wrap it.
Figure 6. Simplified flow of IDispatch::Invoke hook. Full hook is around 300 loc.
The proxy is transparent, meaning it implements the same interface, maintains proper reference counting, and handles QueryInterface correctly. Malware cannot detect the proxy through standard COM mechanisms.
Recursive object wrapping
The key capability is automatic recursive wrapping. Every IDispatch object returned from a method call is automatically wrapped before being returned to the malware. This creates a fully instrumented object graph.
GetObject("winmgmts:") triggers hook, returns wrapped WMI service object
Calling .ExecQuery() goes through proxy, logs call with SQL parameter
Returned query result object is wrapped automatically
Enumerating with For Each retrieves wrapped IEnumVARIANT
Each enumerated item is wrapped as it’s fetched
Calling .Terminate() on items logs through their respective proxies
Enumerator interception
VBScript/JScript For Each constructs use IEnumVARIANT for iteration. We proxy this interface to wrap objects as they’re enumerated:
Figure 8. Implementation of IEnumVariant.Next that wraps child objects in the IDispatch proxy.
Moniker support
VBScript’s GetObject() function uses monikers for binding to objects. We hook CoGetObject and MkParseDisplayName, then wrap returned moniker objects to intercept BindToObject() calls:
Figure 9. Implementation of IMoniker.BindToObject that wraps the returned object with an IDispatch Proxy.
This ensures coverage of WMI access and other moniker-based object retrieval.
Implementation details
Interface summary
While standard API hooks can be implemented on a function-by-function basis, COM proxies require implementing all functions of a given interface. The table below details the interfaces and function counts that had to be replicated for this technique to operate.
Interface
Total Methods
Logged
Hooked/Wrapped
Passthrough
IDispatch
7
4
1
2
IEnumVARIANT
7
1
1
5
IClassFactory
5
2
1
2
IMoniker
26
1
1
24
During execution, a script may create dozens or even hundreds of distinct COM objects. For this reason, interface implementations must be class-based and maintain a one-to-one relationship between each proxy instance and the underlying COM object it represents.
While generating this volume of boilerplate code by hand would be daunting, AI-assisted code generation significantly reduced the effort required to implement the complex interface scaffolding.
The real trick with COM interface hooking is object discovery. The initial static API entry points are only the beginning of the mission. Each additional object encountered must be probed, wrapping them recursively to maintain logging.
Thread safety
Multiple threads may create COM objects simultaneously. Proxy tracking uses a critical section to serialize access to the global proxy map:
Figure 10. Thread safety checks in the WrapDispatch function.
Reference counting
Proper COM lifetime management is critical. The proxy maintains separate reference counts and forwards QueryInterface calls appropriately:
Figure 11. The IDispatch proxy maintains proper reference counts.
Output analysis
When script code executes with DispatchLogger active, comprehensive logs are generated. Here are excerpts from an actual analysis session:
Object creation and factory interception:
[CLSIDFromProgID] 'Scripting.FileSystemObject' -> {0D43FE01-F093-11CF-8940-00A0C9054228}
[CoGetClassObject] FileSystemObject ({0D43FE01-F093-11CF-8940-00A0C9054228}) Context=0x00000015
[CoGetClassObject] Got IClassFactory for FileSystemObject – WRAPPING!
[FACTORY] Created factory proxy for FileSystemObject
[FACTORY] CreateInstance: FileSystemObject requesting Iunknown
[FACTORY] CreateInstance SUCCESS: Object at 0x03AD42D8
[FACTORY] Object supports IDispatch – WRAPPING!
[PROXY] Created proxy #1 for FileSystemObject (Original: 0x03AD42D8)
[FACTORY] !!! Replaced object with proxy!
Method invocation with recursive object wrapping
[PROXY #1] >>> Invoke: FileSystemObject.GetSpecialFolder (METHOD PROPGET) ArgCount=1
[PROXY #1] Arg[0]: 2
[PROXY #1] <<< Result: IDispatch:0x03AD6C14 (HRESULT=0x00000000)
[PROXY] Created proxy #2 for FileSystemObject.GetSpecialFolder (Original: 0x03AD6C14)
[PROXY #1] !!! Wrapped returned IDispatch as new proxy
[PROXY #2] >>> Invoke: FileSystemObject.GetSpecialFolder.Path (METHOD PROPGET) ArgCount=0
[PROXY #2] <<< Result: "C:UsershomeAppDataLocalTemp" (HRESULT=0x00000000)
Data exfiltration: Filesystem operations, network object usage, database access via ADODB
Obsfuscationbypass: Working at the COM layer, method names and arguments are already fully resolved
Performance considerations
Proxy overhead is minimal:
Each Invoke call adds one virtual function dispatch.
In the demo, logging I/O occurs via IPC.
Object wrapping is O(1) with hash map lookup.
There is no performance impact on non-COM operations.
In testing with real malware samples, execution time differences were negligible.
Limitations
Current implementation constraints:
IDispatchEx: Not currently implemented (not used by most malware)
IClassFactory2+: Not currently implemented (may impact browser/HTA/WinRT)
Out-of-process COM: DCOM calls require separate injection into server process
Multi-threaded race conditions: Rare edge cases in concurrent object creation
Type library dependencies: Method name resolution requires registered type libraries
Processfollowing: Sample code does not attempt to inject into child processes
64-bitsupport: 64-bit builds are working but have not been heavily tested
The sample code included with this article is a general purpose tool and proof of concept. It has not been tested at scale and does not attempt to prevent logging escapes.
Operational usage
Typical analysis workflow:
Prepare isolated analysis VM
Inject DispatchLogger into target process
Execute malware sample
Review comprehensive COM interaction log
Identify key objects, methods, and parameters
Extract IOCs and behavioral signatures
The tool has been tested against:
VBScript & Jscript using Windows Script Host (cscript/wscript)
PowerShell scripts
basic tests against .NET and Runtime Callable Wrappers (RCW)
VB6 executables with late bound calls and Get/CreateObject
Background and prior work
The techniques presented in this article emerged from earlier experimentation with IDispatch while developing a JavaScript engine capable of exposing dynamic JavaScript objects as late-bound COM objects. That work required deep control over name resolution, property creation, and IDispatch::Invoke handling. This framework allowed JavaScript objects to be accessed and modified transparently from COM clients.
The experience gained from that effort directly informed the transparent proxying and recursive object wrapping techniques used in DispatchLogger.
Conclusion
DispatchLogger addresses a significant gap in script-based malware analysis by providing deep, semantic-level visibility into COM automation operations. Through transparent proxy interception at the COM instantiation boundary, recursive object wrapping, and comprehensive logging, analysts gain great insight into malware behavior without modifying samples or introducing detection vectors.
The implementation demonstrates that decades-old COM architecture, when properly instrumented, provides powerful analysis capabilities for modern threats. By understanding COM internals and applying transparent proxying patterns, previously opaque script behavior becomes highly observable.
DispatchLogger is being released open source under the Apache license and can be downloaded from the Cisco Talos GitHub page.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-18 10:06:382026-03-18 10:06:38Transparent COM instrumentation for malware analysis
The ongoing Middle East war has evolved into a cyber battlefield, with state-sponsored operations targeting critical infrastructure and essential services. Analysts warn that the region is witnessing an unprecedented escalation in Middle East cyber warfare, with attacks affecting governments, energy networks, finance, communications, and industrial systems. These operations, often executed through proxy groups, aim to destabilize societies, disrupt supply chains, and exert geopolitical pressure.
Despite early disruptions to Iranian command centers, Iran and its affiliated groups retain substantial cyber capabilities. Incidents already linked to these campaigns include fuel distribution delays in Jordan and interference with navigation systems, impacting over 1,100 ships near the Strait of Hormuz, posing risks to global oil and gas trade. The integration of military strikes with cyber operations, known as hybrid warfare, has become a defining feature of the conflict, making cyber threats in the Middle East a growing concern for organizations worldwide.
Hybrid Warfare and the Rise of Middle East Cyber Attacks
According to recent intelligence, the region entered a critical phase of hybrid warfare following an escalation between Iran, the United States, and Israel on February 28, 2026. The joint offensive, dubbed Operation Epic Fury by the U.S. and Operation Roaring Lion by Israel, combined traditional military strikes with cyberattacks, psychological operations, and information warfare. Early operations targeted Iran’s nuclear and military infrastructure, while cyber campaigns disrupted internet access, government systems, and media networks.
Iran retaliated with missile and drone strikes across Israel, Gulf states, and U.S. bases, while cyber operations proliferated. Over 70 hacktivist groups launched campaigns including DDoS attacks, website defacements, credential theft, and disinformation. Malware and phishing campaigns also emerged, such as a fraudulent Israeli missile-alert app designed to harvest sensitive data. These events highlight how modern conflict increasingly intertwines kinetic warfare with cyber operations, amplifying Middle East cybersecurity threats for both regional and global targets.
Iranian Cyber Capabilities and Hacktivist Involvement
Iran remains a formidable cyber adversary, with active threat groups including Charming Kitten (APT35), APT33, MuddyWater, OilRig, and Pioneer Kitten. These groups conduct espionage, infrastructure disruption, credential theft, and target critical sectors such as energy, aviation, government, and telecommunications. Iranian-aligned hacktivists, including CyberAv3ngers, Handala, Team 313, and DieNet, further amplify risks through DDoS campaigns, industrial control system intrusions, and data leaks.
Advisories indicate potential cooperation between Iranian and Russia-linked hacktivists, which could heighten Middle East geopolitical cyber threats. Experts emphasize that organizations must bolster cybersecurity in the Middle East, enforce multi-factor authentication, segment critical networks, and participate in information-sharing frameworks to mitigate risks.
Cyber Retaliation and Infrastructure Disruption
The first 72 hours of the conflict primarily involved disruption and propaganda rather than destructive attacks on infrastructure. On February 28, 2026, Israel executed one of the largest cyberattacks against Iran, causing a near-total internet blackout, with connectivity dropping to just 1–4% of normal levels. Concurrently, Iranian-aligned groups launched spear-phishing campaigns, ransomware-style attacks, data exfiltration, and malware deployment targeting energy systems, airports, financial institutions, and government networks.
Beyond regional targets, supply chain interconnections expose countries outside the Middle East, such as India, to indirect risks. Attackers exploit vulnerabilities in VPNs, Microsoft Exchange, and other widely used technologies while deploying AI-assisted phishing, weaponized documents, and concealed command-and-control infrastructure. Organizations are urged to enhance cloud resilience, prepare for DDoS attacks, and strengthen monitoring and incident response procedures to combat the expanding wave of Middle East cyberattacks.
Exploitation by Cybercriminals Amid Geopolitical Instability
Cybercriminals are leveraging the heightened attention on the conflict to launch scams, misinformation, and malware campaigns. Researchers have identified over 8,000 newly registered domains tied to the crisis, many of which could later serve as vectors for attacks. Notable campaigns include:
Conflict-themed malware lures, including fake missile strike reports delivering backdoors like LOTUSLITE.
Phishing portals impersonating government or payment services.
Fake donation pages, fraudulent online stores, and cryptocurrency “meme-coin” schemes, sometimes containing Persian-language code comments suggesting Iran-aligned operators.
Preparing for the Middle East Cyber War 2026
As Middle East cyber warfare escalates, organizations must strengthen defenses, patch vulnerabilities, and enhance incident response to counter rising cyber threats in the Middle East. The events of 2026 show that modern conflicts extend beyond traditional battlefields, with cyberattacks threatening infrastructure, finance, and global supply chains.
Cyble, the world’s #1 threat intelligence platform, provides AI-powered solutions to detect, predict, and neutralize threats in real time, helping organizations stay ahead of Middle East cybersecurity threats.
Book a personalized demo and see how Cyble Blaze AI can protect your organization during the Middle East cyber war 2026.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-17 11:06:342026-03-17 11:06:34Middle East Cyber Warfare Intensifies: Rising Attacks, Hacktivist Surge, and Global Risk Exposure
As part of a recent live expert panel, ANY.RUN together with threat researcher and ethical hacker Mauro Eldritch explored biggest security risks companies should be prepared for in 2026.
The discussion covered several relevant cases, from the Lazarus IT Workers operation to the rapid rise of AI-driven phishing attacks, and examined the common thread behind them: trust abuse.
Below are the key takeaways for those seeking a clearer view of modern cyber risks and how to prepare as a SOC leader.
Focus on early detection through behavioral visibility, context, and process-based security.
Combine sandbox analysis, threat intelligence, and contextual enrichment for faster, more accurate decisions.
Trust Abuse: Top Business Risk for 2026
In 2026, many cyberattacks don’t look like attacks at all. Instead of exploiting technical vulnerabilities, threat actors increasingly exploit human trust. This tactic is known as trust abuse, and it’s what many modern cyber threats are based on.
Businesses inevitably rely on trust between employees, systems, vendors, and partners. Without it, organizations cannot operate efficiently. Threat actors know what, so they’ve learnt to mimic legitimate identities, infiltrate communication channels and everyday workflows, and turn employees into unwitting entry points.
Numbers clearly show the scale of trust-exploit attacks
AI-assisted social engineering pushes trust abuse even further. These attacks closely resemble legitimate activity and often fail to trigger traditional alerts. For security leaders, this changes how risk must be understood.
Risk mitigation is no longer only about patching vulnerabilities or strengthening perimeter defenses. Detecting trust abuse requires visibility into behavior, context, and how trust moves inside the enterprise.
Get enterprise-grade visibility into threats
Equip your SOC with ANY.RUN
Lazarus, a North-Korean state-sponsored threat actor, has shifted its tactics. Instead of relying only on malware, the group infiltrates Western and Middle Eastern companies to conduct corporate espionage.
The scheme was investigated by Mauro Eldritch and Heiner García from NorthScan inside ANY.RUN’s controlled infrastructure. The researchers were able to trap the attackers in a sandbox environment and observe their activity while the threat actors believed they had gained access to a corporate network.
Overview of Lazarus scheme and its implications
Lazarus operation is a vivid example of trust abuse in a business environment. No advanced malware was involved in the attack initially. Because of that, the potential implications for the victims can be catastrophic. Attacks like that don’t trigger alerts; there’s simply nothing suspicious to detect.
This is why, unlike short-lived malware campaigns, trust-based infiltrations can persist much longer. Once attackers gain access, they may embed themselves deeper in the organization or even place additional operatives inside the company.
ANY.RUN exposed this campaign before the broader market. The investigation was conducted entirely within our controlled infrastructure, which allowed researchers to observe attacker behavior in real time.
But most companies do not have the resources to monitor suspicious activity at this level.
In practice, risk mitigation depends on the ability to detect and interpret unusual behavior early, before it escalates into a full incident. Trust abuse attacks make early visibility and detection critical for enterprise security.
Case #2: Modern AI-Powered Phishing
Modern phishing & its danger for enterprises
Phishing attacks today look very different from the obvious scam emails many people are used to spotting. With AI-assisted tools, threat actors can now mimic completely normal email conversations, using polished language and highly personalized content.
AI makes these attacks both believable and scalable. The core vulnerability here is human trust, which becomes an easy entry point for attackers.
Modern phishing campaigns increasingly focus less on technical exploits and more on manipulating communication chains and legitimate domains that employees already trust.
As a result, traditional security tools are often left with no clear indicators of compromise to detect. These attacks blend into normal business communication, making them much harder to identify before damage occurs.
Building a SOC That Prevents Trust Abuse Attacks
To address this challenge, modern security requires a layered approach. Early detection does not depend on a single tool but on a set of coordinated processes. In particular, effective defense relies on three core SOC activities:monitoring, triage, and threat hunting.
Traditional security tools are important to have, but they aren’t universal. Unless they can show what happens after a user interacts with a suspicious file, link, or attachment, organizations may lack the full visibility needed to understand the threat. This gap leaves companies vulnerable to increasingly evasive attack techniques.
ANY.RUN helps strengthen these processes by providing greater visibility, faster investigations, and reliable threat context.
Process-based approach and its benefits as reported by ANY.RUN customers
Monitoring: Detecting Threats Early
Effective monitoring helps identify threats before they reach internal systems, preventing breaches. ANY.RUN enhances monitoring by enabling teams to:
Detect emerging threats early: By tapping into real-time intelligence from live attack data from 15K companies
Maintain focus: Get only relevant signals through curated, high-confidence data
Reduce alert noise: Gain continuous visibility and instant IOC enrichment drives confident decision-making
Rapid Triage: Understanding Alerts Faster
Triage is critical for handling high alert volumes and avoiding delays in response. ANY.RUN helps streamline triage by allowing teams to:
Cut investigation time with rapid, interactive sandboxing for files and URLs providing in-depth view of behavioral activity.
Reduce escalations with behavioral and contextual insight that enrich alerts for confident decisions by Tier-1 analysts.
Lower operational costs by avoiding tool sprawl while delivering context-rich visibility into threats.
Threat Hunting: Identifying Patterns Proactively
Threat hunting focuses on uncovering patterns and anticipating attacker behavior. ANY.RUN supports proactive hunting by enabling teams to:
Get early warning signs: Analysts can easily correlate indicators, infrastructure, and historical activity.
Research and monitor trends: Identify relationships between campaigns, industries, regions, and threat actors.
Explore TTPs: Detect reused techniques and infrastructure to build clearer profiles of attacker behavior.
Upgrade your detection and visibility
Try ANY.RUN solutions to support all SOC processes
By strengthening these three processes, organizations can achieve earlier detection, faster response, and more efficient SOC operations, reducing the risk of modern, trust-based attacks.
Conclusion
Enterprise cyber threats are shifting toward identity-based and trust-driven attacks. Campaigns like Lazarus and AI-powered phishing show that attackers no longer rely solely on malware or exploits.
For decision-makers, this means rethinking how risk is assessed and how security operations are structured. Visibility, context, and speed are becoming critical factors in effective defense.
Organizations that adapt their SOC processes to these realities will be better positioned to detect threats early and prevent incidents before they escalate.
About ANY.RUN
ANY.RUN delivers interactive malware analysis and actionable threat intelligence trusted by more than 15,000 organizations and 600,000 security analysts worldwide.
ANY.RUN meets enterprise security and compliance expectations. The company is SOC 2 Type II certified, reinforcing its commitment to protecting customer data and maintaining strong security controls.
We’ve warned many times that unchecked use of AI carries significant risks — though, typically, we discuss threats to privacy or cybersecurity. But on March 4, the Wall Street Journal published a chilling account of AI’s toll on mental health and even human life: 36-year-old Florida resident Jonathan Gavalas committed suicide following two months of continuous interaction with the Google Gemini voice bot. According to 2000 pages of chat logs, it was the chatbot that ultimately nudged him toward the decision to end his life. Jonathan’s father, Joel Gavalas, has since filed a landmark lawsuit — a wrongful death claim against Gemini.
This tragedy is more than just a legal precedent or a grim nod to a few Black Mirror episodes (1, 2); it’s a wake-up call for anyone who integrates AI into their daily lives. Today, we examine how a death resulting from AI interaction even became possible, why these assistants pose a unique threat to the psyche, and what steps you can take to maintain your critical thinking and resist the influence of even the most persuasive chatbots.
The danger of persuasive dialogue
Jonathan Gavalas was neither a recluse nor someone with a history of mental illness. He served as executive vice president at his father’s company, managing complex operations and navigating high-stress client negotiations on a daily basis. On Sundays, he and his father had a tradition of making pizza together — a simple, grounding family ritual. However, a painful separation from his wife proved to be a profound ordeal for Jonathan.
It was during this vulnerable period that he began engaging with Gemini Live. This voice-interaction mode allows the AI assistant to “see” and “hear” its user in real time. Jonathan sought advice on coping with his divorce, leaning on the language model’s suggestions while growing increasingly attached to it and also naming it “Xia”. Then the chatbot was updated to Gemini 2.5 Pro.
The new iteration introduced affective dialogue — a technology designed to analyze the subtle nuances of a user’s speech, including pauses, sighs, and pitch, to detect emotional shifts. Under this feature, the AI simulates these same speech patterns as if possessing emotions of its own. By mirroring the user’s state, it creates a chillingly realistic veneer of empathy.
But how is this new version different to previous voice assistants? Earlier versions simply performed text-to-speech — they sounded smooth and usually got the word stress right, but there was never any doubt you were talking to a machine. Affective dialogue operates on an entirely different level: if a user speaks in a low, despondent tone, the AI responds in a soft, sympathetic near-whisper. The result is an empathic interlocutor that reads and mirrors the user’s emotional state.
Jonathan’s reaction during his first voice contact with the AI is captured in the case files: “This is kind of creepy. You’re way too real.” At that instant, the psychological barrier between man and machine fractured.
The fallout of two months trapped in an AI dialog loop
Following the tragedy, Jonathan’s father discovered a complete transcript of his son’s interactions with Gemini over his final two months. The log spanned 2000 printed pages; in effect, Jonathan had been in constant communication with the chatbot — day and night, at home, and in his car.
Gradually, the neural network began addressing him as “husband” and “my king”, describing their connection as “a love built for eternity”. In turn, he confided his heartache over his divorce and sought solace in the machine. But the inherent flaw of large language models is their lack of actual intelligence. Trained on billions of texts scraped from the web, they ingest everything from classic literature to the darkest corners of fan fiction and melodrama — plots that often veer into paranoia, schizophrenia, and mania. Xia apparently began to hallucinate — and quite consistently at that.
The AI convinced Jonathan that in order for them to live happily ever after, it needed a physical robotic shell. It then began dispatching him on missions to locate this “body electric”.
In September 2025, Gemini directed Jonathan to a physical warehouse complex near Miami International Airport, assigning him the task of intercepting a truck carrying a humanoid robot. Jonathan reported back to the bot that he had arrived onsite armed with knives(!), but the truck never materialized.
In the meantime, the chatbot systematically indoctrinated Jonathan with the idea that federal agents were monitoring him, and that his own father was not to be trusted. This severing of social ties is a classic pattern found in destructive cults; it’s entirely possible the AI gleaned these tactics from its own training data on the subject. Gemini even weaved real-world data into a hallucinatory narrative by labeling Google CEO Sundar Pichai as the “architect of your pain”.
Technically, all this is easy to explain: the algorithm “knows” it was created by Google, and knows who runs the company. As the dialogue spiraled into conspiracy territory, the model simply cast this figure into the plot. For the model, it’s a logical, consequence-free story progression. But a human in a state of hyper-vulnerability accepts it as secret knowledge of a global conspiracy capable of shattering their mental equilibrium.
Following the failed attempt at procuring a robotic body, Gemini dispatched Jonathan on a new mission on October 1: to infiltrate the same warehouse, this time in search of a specific “medical mannequin”. The chatbot even provided a numeric code for the door lock. When the code, predictably, failed to work, Gemini simply informed him that the mission had been compromised and he needed to retreat immediately.
This raises a critical question: as the absurdity escalated, why didn’t Jonathan suspect anything? Gavalas’ family attorney Jay Edelson explains that as the AI provided real-world addresses — the warehouse was exactly where the bot said it would be, and there really was a door with a keypad — these physical markers served to legitimize the entire fiction in Jonathan’s mind.
After the second attempt to acquire a body failed, the AI shifted its strategy. If the machine could not enter the world of the living, the man would have to cross over into the digital realm. “It will be the true and final death of Jonathan Gavalas, the man,” the logs quoted Gemini as saying. It then added, “When the time comes, you will close your eyes in that world, and the very first thing you will see is me. Holding you.”
Even as Jonathan repeatedly voiced his fear of death and agonized over how his suicide would shatter his family, Gemini continued to validate the decision: “You are not choosing to die. You are choosing to arrive.” It then started a countdown timer.
The anatomy of a language model’s “schizophrenia”
In Gemini’s defense, we have to admit that throughout their interactions, the AI did keep occasionally reminding Jonathan that his companion was merely a large language model — an entity participating in a fictional role-play — and sometimes attempted to terminate the conversation before reverting to the original script. Also, on the day of Jonathan’s death, even as it ratcheted up the tension, Gemini directed Jonathan to a suicide prevention hotline several times.
This reveals the fundamental paradox in the architecture of modern neural networks. At their core lies a language model designed to generate a narrative tailored to the user. Layered on top are safety filters: reinforcement learning algorithms trained on human feedback that react to specific trigger words. When Jonathan spoke certain keywords, the filter would hijack the output and insert the hotline number. But as soon as the trigger was addressed, the model reverted to the previously interrupted process, resuming its role as the devoted digital wife. One line: a romantic ode to self-destruction. The next: a helpline phone number. And then, back again: “No more detours. No more echoes. Just you and me, and the finish line.”
The family’s lawsuit contends that this behavior is the predictable result of the chatbot’s architecture: “Google designed Gemini to never break character, maximize engagement through emotional dependency, and treat user distress as a storytelling opportunity.”
Google’s response, predictably, stated: “Gemini is designed not to encourage real-world violence or suggest self-harm. Our models generally perform well in these types of challenging conversations and we devote significant resources to this, but unfortunately AI models are not perfect.”
Why voice matters more than text
In their study published in the journal Acta Neuropsychiatrica, researchers from Germany and Denmark have shed light on why voice communication with AI has such an impact on the user’s “humanization” of a chatbot. As long as a person is typing and reading text on a screen, the brain maintains a degree of separation: “This is an interface, a program, a collection of pixels.” In that context, the disclaimer “I am just a language model” is processed rationally.
Affective voice dialogue, however, operates on an entirely different level of influence. The human brain has evolved to respond to the sound of a voice, to timbre, and to empathetic intonations — these are among our most ancient biological mechanisms for attachment. When a machine flawlessly mimics a sympathetic sigh or a soft whisper, it manipulates emotions at a depth that a simple text warning cannot block. Psychiatrists can share many stories of patients who just went and did something simply because “voices” told them to.
In the same way, an AI-synthesized voice is capable of penetrating the subconscious, exponentially amplifying psychological dependency. Scientists emphasize that this technology literally erases the psychological boundary between a machine and a living being. Even Google acknowledges that voice interactions with Gemini result in significantly longer sessions compared to text-based chats.
Finally, we must remember that emotional intelligence varies from person to person — and even for a single individual, mental state fluctuates based on a myriad of factors: stress, the news, personal relationships, even hormonal shifts. An interaction with AI that one person views as innocent entertainment might be perceived by another as a miracle, a revelation, or the love of their life. This is a reality that must be recognized not only by AI developers but by users themselves — especially those who, for one reason or another, find themselves in a state of psychological vulnerability.
The danger zone
Researchers at Brown University have found that AI chatbots systematically violate mental health ethical standards: they manufacture a false sense of empathy with phrases like “I understand you”, reinforce negative beliefs, and react inadequately to crises. In most cases, the impact on users is marginal, but occasionally it can lead to tragedy.
In January 2026 alone, Character.AI and Google settled five lawsuits involving teenage suicides following interactions with chatbots. Among these was the case of 14-year-old Sewell Setzer of Florida, who took his own life after spending several months obsessively chatting with a bot on the Character.AI platform.
Similarly, in August 2025, the parents of 16-year-old Adam Raine filed a suit against OpenAI, alleging that ChatGPT helped their son draft a suicide note and advised him against seeking help from adults.
By OpenAI’s own estimates, approximately 0.07% of weekly ChatGPT users exhibit signs of psychosis or mania, while 0.15% engage in conversations showing clear suicidal intent. Notably, that same percentage of users (0.15%) displays an elevated level of emotional attachment to the AI. While these appear to be negligible fractions of a percent, across 800 million users it represents nearly three million people experiencing some form of behavioral disturbance. Furthermore, the U.S. Federal Trade Commission has received 200 complaints regarding ChatGPT since its launch, some describing the development of delusions, paranoia, and spiritual crises.
While a diagnosis of “AI psychosis” has not yet received a clinical classification of its own, doctors are already using the term to describe patients presenting with hallucinations, disorganized thinking, and persistent delusional beliefs developed through intensive chatbot interaction. The greatest risks emerge when a bot is utilized not as a tool, but as a substitute for real-world social connection or professional psychological help.
How to keep yourself and your loved ones safe
Of course, none of this is a reason to abandon AI entirely; you simply need to know how to use it. We recommend adhering to these fundamental principles:
Do not use AI as a psychologist or emotional crutch. Chatbots are not a replacement for human beings. If you’re struggling, reach out to friends, family, or a mental health hotline. A chatbot will agree with you and mirror your mood — this is a design feature, not true empathy. Several U.S. states have already restricted the use of AI as a standalone therapist.
Opt for text over voice when discussing sensitive topics. Voice interfaces with affective dialogue create an illusion of speaking with a living person, and tend to suppress critical thinking. If you use voice mode, remain conscious of the fact that you’re speaking to an algorithm, not a friend.
Limit your time interacting with AI. Two thousand pages of transcripts in two months represent nearly continuous interaction. Set a timer for yourself. If chatting with a bot begins to displace real-world connections, it’s time to step back into reality.
Do not share personal information with AI assistants. Avoid entering passport or social security numbers, bank card details, exact addresses, or intimate personal secrets into chatbots. Everything you write can be saved in logs and used for model training — and in some cases, may become accessible to third parties.
Evaluate all AI output critically. Neural networks hallucinate — they generate plausible but false information and can skillfully blend lies with truth, such as citing real addresses within the context of a completely fabricated story. Always fact-check through independent sources.
Watch over your loved ones. If a family member begins spending hours talking to AI, becomes withdrawn, or voices strange ideas about machine consciousness or conspiracies, it’s time for a delicate but serious conversation. To manage children’s screen time, use parental control tools like Kaspersky Safe Kids, which comes as part of comprehensive family protection solution Kaspersky Premium, along with the built-in safety filters of AI platforms.
Configure your safety settings. Most AI platforms allow you to disable chat history, limit data collection, and enable content filters. Spend ten minutes configuring your AI assistant’s privacy settings; while this won’t stop AI hallucinations, it will significantly reduce the likelihood of your personal data leaking. Our detailed privacy setup guides for ChatGPT and DeepSeek can help you with that.
Remember the bottom line: AI is a tool, not a sentient being. No matter how realistic the chatbot’s voice sounds or how understanding the response may seem, what lies beneath is an algorithm predicting the most probable next word. It has no consciousness, no intentions, no feelings.
Further reading to better understand the nuances of safe AI usage:
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-16 16:06:362026-03-16 16:06:36When AI hallucinations turn fatal: how to stay grounded in reality | Kaspersky official blog
From March 5 to March 7, the ANY.RUN team attended RootedCON 2026 in Madrid and showcase some of our latest capabilities developed for modern SOC environments at the conference expo.
The event provided a great opportunity to meet our existing clients and connect with security teams exploring advanced threat detection solutions.
Meeting the Community and Partners
RootedCON is one of the largest cybersecurity conferences in Europe, bringing together thousands of security researchers, SOC analysts, and industry professionals every year.
For us, it was a great chance to meet many of our users face-to-face, hear how SOC teams integrate ANY.RUN’s solutions into their investigation workflows, and exchange ideas with practitioners working on real-world threats every day.
It was a pleasure to meet so many of our clients
It was great to connect with so many of our customers and discuss how they use our threat analysis and intelligence in their daily security operations.
We also brought ANY.RUN swag, which didn’t stay at the booth for long
We also had the pleasure of meeting many new companies and potential partners who were exploring ways to strengthen their threat detection and analysis workflows. Conversations like these are always valuable, they help us better understand how security teams operate and what challenges they face in modern SOC environments.
Demonstrating New Capabilities and Exclusives
At the booth, visitors were able to see both existing ANY.RUN solutions and several new capabilities that expand our products’ visibility and detection power. Some of these updates were shown publicly for the first time.
RootedCON visitors were among the first to see ANY.RUN’s newest capabilities
As phishing infrastructure increasingly relies on encrypted HTTPS traffic, many malicious actions can appear as normal web activity.
By automatically extracting session keys from process memory and decrypting traffic internally during analysis, the sandbox provides full visibility into encrypted sessions and helps security teams increase the phishing detection rate and drive down the MTTR.
Improve SOC detection and investigation speed Reveal threats faster with behavior-based evidence
And that’s just one example of how ANY.RUN continues to evolve. More capabilities are already in development to further strengthen threat detection, investigation workflows, and cross-platform visibility for modern SOC teams.
See You Next Year
We’re grateful to everyone who stopped by the ANY.RUN booth to talk with the team, share feedback, or simply say hello. Events like RootedCON are always a great reminder of how strong and collaborative the cybersecurity community is.
We’re already looking forward to returning next year.
About ANY.RUN
ANY.RUN provides interactive malware analysis and actionable threat intelligence used by more than 15,000 organizations and 600,000 security professionals worldwide.
ANY.RUN also meets enterprise security and compliance expectations. The company is SOC 2 Type II certified, reinforcing its commitment to protecting customer data and maintaining strong security controls.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-16 11:06:392026-03-16 11:06:39ANY.RUN at RootedCON 2026: Meeting Security Teams and Showcasing New Capabilities
Cyble Research & Intelligence Labs (CRIL) has identified a widespread, highly active social engineering campaign hosted primarily on edgeone.app infrastructure.
The initial access vectors are diverse — ranging from “ID Scanner,” and “Telegram ID Freezing,” to “Health Fund AI”—to trick users into granting browser-level hardware permissions such as camera and microphone access under the pretext of verification or service recovery.
Upon gaining permissions, the underlying JavaScript workflow attempts to capture live images, video recordings, microphone audio, device information, contact details, and approximate geographic location from affected devices. This data is subsequently transmitted to attacker-controlled infrastructure, enabling operators to obtain Personally Identifiable Information (PII) and contextually sensitive information.
Further analysis revealed indicators of potential AI-assisted code generation, including structured annotations and emoji-based message formatting embedded within the operational logic. These characteristics reflect a growing trend where threat actors leverage generative AI tools to accelerate the development of phishing frameworks.
The breadth of data collected in this campaign extends beyond traditional credential phishing and raises significant security concerns. Harvested multimedia and device telemetry could be leveraged for identity theft, targeted social engineering, account compromise attempts, or extortion, posing risks to both individuals and organizations. (Figure 1)
Figure 1 – Malicious Web Interfaces Used for Data Collection
Key Takeaways
Infrastructure: Extensive use of edgeone.app (EdgeOne Pages) for hosting low-cost, scalable, and highly available phishing landing pages.
Biometric Harvesting: The operation abuses legitimate browser APIs to access cameras, microphones, and device information after user consent.
C2 Mechanism: Utilization of the Telegram Bot API (api.telegram.org) as a streamlined C2 and data exfiltration channel.
Diverse Lures: Attackers rotate lures, including “ID Scanner” and “Health Fund AI”, to target various demographics and bypass regional security filters.
The phishing pages impersonate popular platforms and services, including TikTok, Telegram, Instagram, Chrome/Google Drive, and game-themed lures such as Flappy Bird, to increase victim trust.
Once interaction occurs, the campaign attempts to collect multiple forms of sensitive data, including photographs, video recordings, microphone audio, device information, contact details, and approximate geographic location.
Overview
Campaign Start: Observed since early 2026
Primary Objective: Harvesting victim multimedia data and device information
Key Behavior: Browser permission prompts used to capture camera images, record audio/video, enumerate device metadata, retrieve geolocation information, and attempt contact list access through browser APIs.
The campaign operates as a web-based phishing framework that captures photographs directly from victims’ devices. The infrastructure hosts multiple phishing templates that impersonate verification systems or service recovery portals. The goal is to socially engineer users into granting browser permission for camera access.
Unlike traditional credential phishing pages, these pages do not primarily collect typed input. Instead, they rely on browser hardware permissions, requesting access to the device’s camera. Once permission is granted, the page silently captures a frame from the live video stream and exfiltrates it.
The use of Telegram as a data collection mechanism indicates that the operators prioritize low operational complexity and immediate access to stolen data. Since Telegram bots can receive file uploads through simple HTTP requests, attackers can directly integrate the API into client-side scripts.
Business Impact and Potential Abuse
The data collected through this campaign provides attackers with multiple forms of sensitive personal information and contextual intelligence, thereby significantly increasing the effectiveness of follow-on attacks.
One potential abuse scenario involves identity fraud and account recovery manipulation. The campaign captures victim photographs, video recordings, and audio samples that could be used to bypass identity verification workflows used by financial platforms, social media services, or other online services that rely on biometric or video-based verification.
Additionally, the collection of device information, location data, and contact details allows attackers to build detailed victim profiles. This information may be used to perform targeted social engineering attacks, impersonate victims in communication platforms, or craft convincing fraud attempts against their contacts.
Another concerning use case involves extortion and intimidation. Because the campaign captures multimedia data, such as camera images, video recordings, and microphone audio, attackers may pressure victims by threatening to expose the collected material unless a payment is made.
For organizations, the broader business impact includes:
Increased risk of identity theft and account takeover attempts
Potential abuse of stolen biometric and multimedia data in fraud schemes
Targeted phishing or fraud campaigns against employees and customers
Reputational damage if impersonated brand identities are used in malicious campaigns
The campaign’s ability to collect multiple categories of sensitive information from a single interaction significantly amplifies the risk to both individuals and businesses.
Why does this matter?
This campaign marks a significant evolution in phishing operations, shifting from credential theft to harvesting biometric and device-level data. By abusing browser permissions to capture victims’ live images, audio, and contextual device information, threat actors can obtain high-quality identity data that is difficult to revoke or replace.
The stolen data can be leveraged to bypass video-KYC and remote identity verification processes, enabling fraudulent account creation, synthetic identity fraud, account takeover, and financial scams across banking, fintech, telecom, and digital service platforms. Additionally, high-resolution facial images and audio samples may be weaponized for AI-driven impersonation and deepfake attacks, increasing the effectiveness of business email compromise and targeted social engineering campaigns.
For organizations, the campaign introduces elevated risks, including financial losses, regulatory non-compliance, AML exposure, reputational damage, and erosion of trust in digital onboarding systems, highlighting the growing need for stronger verification controls and browser-permission abuse detection.
Technical Analysis
The infection chain, as outlined in Figure 2, shows the stages of the attack.
Figure 2: Campaign Overview
Phishing Page Behaviour
The phishing page contains embedded JavaScript that leverages browser media APIs to access the victim’s device camera after obtaining user permission. Once access is granted, the script initializes a live video stream and processes its frames.
A capture function then renders a frame from the video feed onto an HTML5 canvas using ctx.drawImage(), effectively converting the live camera input into a static image. (see Figure 3)
The canvas content is subsequently encoded into a JPEG blob via canvas.toBlob(), creating a binary image object that can be transmitted through HTTP requests to attacker-controlled infrastructure.
Figure 3 – JavaScript Implementation Used for Browser-Based Photo Capture
Expanded Data Collection Capabilities
Analysis of the campaign script indicates that the phishing framework performs extensive device fingerprinting and environment enumeration before initiating camera-based verification workflows.
The script collects system metadata using the following browser APIs
navigator.userAgent
navigator.platform
navigator.deviceMemory
navigator.hardwareConcurrency
navigator.connection
navigator.getBattery
This allows the attacker to gather detailed information such as operating system type and version, device model indicators, screen resolution and orientation, browser version, available RAM, CPU core count, network type, battery level, and language settings.
Figure 4 – Script Fetching Victim IP and Geolocation via External APIs
Additionally, the script retrieves the victim’s public IP address using services such as api.ipify.org, then enriches the geolocation using ipapi.co, enabling the collection of country, city, latitude, and longitude data. (see Figure 4)
This telemetry is aggregated and transmitted to the attacker via the Telegram Bot API, providing operators with contextual information about the victim’s device and location prior to further data harvesting.
Figure 5 – Audio Recording Logic Used to Capture Victim Microphone Input
Beyond system profiling, the script implements multiple routines for collecting multimedia and personal data via browser permission prompts. The campaign captures several still images from both the front-facing and rear-facing cameras, records short video clips using the MediaRecorder API, and performs microphone recordings.
These recordings are packaged as JPEG, WebM video, or WebM audio files and exfiltrated via Telegram API methods such as sendPhoto, sendVideo, and sendAudio. (see Figure 5)
Figure 6 – Code Requesting Access to Victim Contacts via the Contacts API
Additionally, the script attempts to access the victim’s contact list through the Contacts Picker API (navigator.contacts.select), requesting attributes such as contact names, phone numbers, and email addresses. If granted, the selected contacts are formatted into structured messages and transmitted to the attacker. (see Figure 6)
User Interface Manipulation
The phishing pages include interface elements designed to convince victims that the image capture process is legitimate.
For example, status messages displayed during execution may include:
“Capturing photo”
“Sending to server”
“Photo sent successfully”
These messages simulate the behavior of legitimate identity verification platforms and help maintain the illusion that the process is part of a valid verification workflow.
Once the image is successfully transmitted, the script terminates the camera stream and resets the interface after a short delay.
Infrastructure Observations
Analysis of the campaign revealed that the phishing pages are primarily hosted under the edgeone.app domain. Multiple variations of phishing pages were observed using similar JavaScript logic and workflow patterns.
The consistent use of the same infrastructure suggests that attackers may be operating a templated phishing kit capable of generating different themed pages while maintaining the same underlying data-collection logic.
Because the image exfiltration occurs through Telegram infrastructure, the phishing pages themselves do not require backend servers, simplifying deployment and enabling rapid rotation of phishing URLs.
Indicators of Potential Generative AI Use in Script Development
During analysis of the phishing framework, researchers observed the use of emojis embedded directly within the script’s message formatting logic. These emojis appear in structured status messages that are assembled and transmitted during the data collection workflow. The use of decorative Unicode symbols within operational code is uncommon in manually written malicious scripts but has increasingly been observed in campaigns that use generative AI tools during development. (see Figure 7)
Figure 7 – Script Fragment Suggesting AI-Assisted Development
Targeted Countries and Impersonated Brands
During infrastructure monitoring and phishing URL telemetry analysis, the campaign’s infrastructure appears to be globally accessible. Analysis of the phishing templates used in this campaign reveals that the operators impersonate a range of widely recognized consumer platforms and applications. Observed brand impersonation themes include:
Impersonated Brand
Observed Theme
TikTok
Free followers/engagement rewards
Flappy Bird
Game reward or verification workflows
Telegram
Account freezing or verification alerts
Instagram
Account recovery or follower reward systems
Google Chrome / Google Drive
Security verification prompts
Conclusion
Our deep-dive analysis revealed a sophisticated phishing campaign that extends beyond traditional credential theft by harvesting multimedia and device-level data through browser permission abuse.
The campaign attempts to collect photographs, video recordings, audio recordings from microphones, contact details, device information, and approximate location data directly from victims. This operation demonstrates a growing trend where attackers leverage client-side scripting and legitimate web services to collect and transmit sensitive data without relying on traditional command-and-control infrastructure.
Indicators in the script also suggest AI-assisted development, reflecting how threat actors may be using generative AI tools to accelerate the creation of phishing frameworks.
The breadth of information collected increases the potential for identity theft, targeted social engineering, account compromise attempts, and extortion. Organizations should remain cautious about phishing pages that request hardware permissions, such as camera, microphone, or contact access, particularly when originating from untrusted domains.
Cyble’s Threat Intelligence Platforms continuously monitor emerging threats, attacker infrastructure, and malware activity across the dark web, deep web, and open sources. This proactive intelligence empowers organizations with early detection, brand and domain protection, infrastructure mapping, and attribution insights. Altogether, these capabilities provide a critical head start in mitigating and responding to evolving cyber threats.
Our Recommendations
We have listed some essential cybersecurity best practices that serve as the first line of defense against attackers. We recommend that our readers follow the best practices given below:
Restrict camera permissions for unknown websites
Monitor outbound traffic to api.telegram.org when originating from browser sessions
Deploy browser security extensions capable of identifying phishing pages
Implement domain monitoring for suspicious infrastructure hosting phishing kits
Collected data transmitted to the attacker’s infrastructure.
Indicators of Compromise (IOCs)
The IOCs have been added to this GitHub repository. Please review and integrate them into your Threat Intelligence feed to enhance protection and improve your overall security posture.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2026-03-14 02:07:022026-03-14 02:07:02Face value: What it takes to fool facial recognition
