When you purchase through links on our site, we may earn an affiliate commission. This doesn’t affect our editorial independence.
Microsoft Seizes Domain Used for Malicious: Microsoft has taken control of an internet domain used by a foreign-based threat group to generate harmful and illicit AI images through Microsoft’s Azure OpenAI service. The group used stolen login credentials and custom software to bypass security safeguards and access the DALL-E AI image generator.
The hackers created and sold access to malicious tools, including one called “de3u,” which evaded Microsoft’s content filtering. Microsoft discovered the activity in July and revoked access, then filed a lawsuit to seize the domain, used in the hacking scheme.
After the seizure, the hackers attempted to cover their tracks by deleting evidence. Microsoft’s actions aim to prevent further misuse of its AI services and protect users from harmful content.
The tech giant’s Digital Crimes Unit (DCU) said it has observed the threat actors “develop sophisticated software that exploited exposed customer credentials scraped from public websites,” and “sought to identify and unlawfully access accounts with certain generative AI services and purposely alter the capabilities of those services.”
The Windows maker said it has since revoked the threat-actor group’s access, implemented new countermeasures, and fortified its safeguards to prevent such activity from occurring in the future. It also said it obtained a court order to seize a website (“aitism[.]net”) that was central to the group’s criminal operation.
