APT Meets GPT: Targeted Operations with Untamed LLMs

216.73.217.80

APT Meets GPT: Targeted Operations with Untamed LLMs

· Published 08/10/2025 16:08 · Modified 08/10/2025 16:11

Essential information

Published: 08/10/2025 16:08
Modified: 08/10/2025 16:11
Tags: 2025-10-08 archive file govershell govershell c2 llms persistence phishing powershell randomdir8char rar uta0388 websocket zip
Related entities: 41 observables, 1 intrusion sets (apt), 10 techniques (mitre), 2 malware

Description

Over the course of three months, Volexity observed UTA0388 using various themes and fictional identities across dozens of spear phishing campaigns. As time passed, Volexity observed UTA0388 broaden their targeting and send emails in a variety of different languages, including English, Chinese, Japanese, French, and German. In most cases, the initial email sent by UTA0388 contained a link to phishing content hosted on a cloud-based service that would lead to malware.

External references

https://www.volexity.com/blog/2025/10/08/apt-meets-gpt-targeted-operations-with-untamed-llms/
https://otx.alienvault.com/pulse/68e68c8d506e04cc0474a83b