AI Agents Now Help North Korea and Other Attackers Manage Their Cyberattack Infrastructure
Microsoft threat intelligence chief says criminals outsource janitorial work to AI agents that deploy and maintain attack systems
Sherrod DeGrippo, Microsofts GM of global threat intelligence, told The Register that threat actors are increasingly using AI agents to handle what she described as the janitorial-type work needed to maintain attack infrastructure — tasks like setting up servers, managing domains, and rotating credentials.
North Korea has been among the most active adopters, using AI tools to streamline operations that previously required significant manual effort. The shift means attackers can scale their operations more efficiently while focusing human operators on higher-value targeting decisions.
Criminals will do what gets them their objective easiest and fastest, DeGrippo said, and AI agents are proving to be a force multiplier for the operational side of cybercrime that has traditionally been resource-intensive and tedious.
Analysis
Why This Matters
The use of AI agents by state-sponsored hackers represents a qualitative shift in cyber warfare. Rather than making attacks more sophisticated, AI is making the boring-but-necessary operational work cheaper and faster — lowering the barrier to sustained campaigns.
Background
North Korea has long relied on cyber operations to fund its weapons programs and conduct espionage. Microsofts threat intelligence team tracks these operations and has observed the adoption of AI tooling accelerating in recent months.
Key Perspectives
The framing of AI as handling janitorial work rather than creating novel attacks is important. It suggests the immediate threat is scale and persistence rather than new attack types.
What to Watch
Whether defensive AI tools can keep pace with the operational efficiency gains attackers are seeing. The gap between AI-augmented offense and defense continues to widen.