According to Security Insights by Beating, Microsoft's Digital Crimes Unit (DCU) deployed artificial intelligence in its operation against the Amadey and StealC malware. Investigators used tools such as Copilot to analyze the malicious code and, by questioning it in natural language, identified a potential link between the two pieces of software, which share the same digital infrastructure, thereby avoiding a cumbersome manual code audit.
Amadey is responsible for gaining access to a device, much like obtaining a house key, while StealC is an infostealer that collects sensitive data from browsers, cryptocurrency wallets, messaging apps, email clients, and gaming platforms. Microsoft's data shows that in the first two weeks of May, the two pieces of malware together infected over 140,000 computers worldwide. Growing specialization among cybercriminals has made defense harder, as attackers often carry out intrusion and data theft in a multi-step operation involving multiple actors.
The shared infrastructure between the two enabled Microsoft to file a single civil lawsuit in court, accusing the defendants of violating the U.S. Racketeer Influenced and Corrupt Organizations (RICO) Act. Handling the case as one proceeding allowed Microsoft to sue multiple parties at once rather than filing a separate case for each tool. Microsoft carried out the operation together with Europol, the German Federal Criminal Police Office, the National Police of the Netherlands and Denmark, as well as IBM and Proofpoint.
Microsoft highlighted that AI is reshaping both sides of the digital crime landscape. Richard Boscovich, Assistant General Counsel at Microsoft DCU, further noted that, driven by AI, hackers are moving toward a specialized division of labor within an illegal supply chain, compelling security teams to shift their defensive focus from individual malicious actors to the entire toolchain.
