Nation-state actors are exploiting AI for discord and attacks, DHS warns

Andriy Onufriyenko/Getty Images

The agency’s 2024 Homeland Threat Assessment notes that the “proliferation of accessible AI” could enable larger-scale cyberattacks against the U.S.

A Department of Homeland Security report published Friday warns nation-state actors and cybercriminals are increasingly leveraging new cyber tools like generative artificial intelligence to sow discord in the U.S., exploit vulnerabilities and attack critical infrastructure sectors. 

The DHS 2024 Homeland Threat Assessment report identifies financially motivated cyberattacks as a key threat to domestic economic security and says emerging technologies are allowing adversaries to conduct "larger-scale, fast, efficient and more evasive cyber attacks." 

“The proliferation of accessible AI tools likely will bolster our adversaries’ tactics,” the report says. “Nation-states seeking to undermine trust in our government institutions, social cohesion, and democratic processes are using AI to create more believable mis-, dis-, and malinformation campaigns.”

Generative AI, which refers to AI systems that can rapidly produce text, images and video content, is providing threat actors with unprecedented capabilities to conduct real-time malicious information campaigns, according to DHS. 

The report included examples of Chinese and Russian news sites leveraging generative AI platforms to augment their operations, spread disinformation and conduct influence activities within the U.S. 

James McQuiggan, a security awareness advocate for the security firm KnowBe4, told Nextgov/FCW that the use of generative AI to produce convincing spear-phishing content and social engineering ploys is a "game changer." 

"Adversaries can now craft extremely persuasive lures tailored to each target," McQuiggan said. "The homeland threat assessment reminds us that our cyber defenses and resiliency require upgrading to be regularly monitored and to factor in the human element."

While many recent pro-Kremlin influence campaigns have largely focused on Russia's invasion of Ukraine and encouraged divisions among countries providing support to Kyiv, the report also warns that adversaries will likely employ similar tactics in the lead-up to the 2024 elections.  

"We expect the 2024 election cycle will be a key event for possible violence and foreign influence targeting our election infrastructure, processes and personnel," the report says.

DHS also warns that cybercriminals are increasingly targeting critical infrastructure sectors with denial-of-service, website defacement and ransomware attacks while seeking to develop and improve existing capabilities.

The report says malicious cyber actors are testing AI-developed malware and AI-assisted software development to conduct attacks targeting pipelines, railways and other critical infrastructure nationwide. 

Russian government-affiliated cyber espionage, Chinese government cyber actors and Iranian social engineering tactics will all likely remain key threats in 2024, the report says, adding that adversaries are continuing to steal sensitive information from U.S. critical infrastructure networks with the help of new AI programs.