How foreign bad peeps are weaponising AI

I know, people. Cybersecurity isn’t your thang. You glaze over the moment that someone says “zero-day vulnerability” like it’s a bedtime story.

I get it though.

I have tried writing about it before, tried warning you, tried painting the digital apocalypse in neon, blood-red letters. But here you are, still clicking on emails from Nigerian princes, still using “password123” like a goddamn invitation, still thinking incognito mode makes you invisible.

You don’t care.

Well, not until your bank account gets siphoned, your identity gets sold for the price of a bad cup of coffee, or your face ends up in some AI-generated deepfake scandal that ruins your life before you even know what hit you. And even then, you’ll probably just change your password to “password1234” and call it a day.

So fine.

Keep pretending it won’t happen to you.

Keep rolling your eyes when someone talks about “AI-enhanced cyber threats” like it’s a problem for other people. Keep living in blissful ignorance while hackers, no, machines, are out there working 24/7 to turn your data, your privacy, and your entire digital existence into their next payday.

Me?

I’ll be here, watching, waiting.

Because the breach is coming.

And when it does, when your accounts are drained, your emails are hijacked, and your very identity is chewed up and spat out by some AI-driven cyber syndicate, don’t come crying to me.

I told you so.

So, for the ones that actually care about their schtuff online, this post is for you. It’s about how foreign bad peeps are trying to force their way into your lives, attaching themselves to your identity like a demonic entity in need of an exorcism.

The death of manual hacking

Cybercrime isn’t what it used to be. It was once a game of brute force, trial and error, and clunky phishing scams that relied on human gullibility, and also a bit on bad grammar. I think most of you have played with Kali a couple of times, you know, the Linux penetration testing toolset for brute force hacking, network penetration, SQL injection, and-so-on. I certainly know I have had my share of it. I think I nearly spent half a salary on Hak5, the “pentesting” tools-shop.

Here’s a photo of my WiFi Pineapple to build rogue access points, including GSM signal spoofer (anyone interested?)

But also the more malicious tools like my Hak5 toolkit: the Rubber Ducky for exfiltrating data or creating backdoors and launching exploits, the Bash Bunny that can deploy payloads to compromised systems. It’s basically plug, play and pwn. Then there’s the Key Croc that silently records keystrokes from your keyboard. It’s WiFi-enabled, so it uploads logs in real time.

So, people, if this hasn’t convinced you to abandon “Name+birthday+exclamation mark” and move to two factor authentication or more, I don’t know what will.

For an overview of all the goodies at your disposal, dear script kiddies, get a load of this:

But the thing with these tools is that they are inefficient. And they require effort, an actual human on the other end who is crafting these scams, breaking into systems, and exploiting vulnerabilities by hand.

Aww the good-ol’ days.

Don’t you miss it?

But that era is dead.

Buried.

Replaced by an infinitely smarter, faster, and more efficient predator.

Artificial “intelligence”.

Now, state-sponsored cybercrime has become automated.

Gone are the days of manual hacking where bad peeps had to sit in dimly lit rooms (my home-lab), hammering away at keyboards, hoping for a weak password to crack. And today, AI does all the grunt work for them.

It writes malware, crafts perfect phishing emails, impersonates CEOs, and even evolves mid-attack to bypass security measures. What used to take days or weeks now happens in seconds. I am not talking about digital crime anymore, I am talking about AI-powered industrialized warfare.

And the people running the show are North Korea, Russia, and China, the unholy trinity of my cyber nightmares.

These aren’t your average basement-dwelling script kiddies.

These people are state-backed, AI-superpowers with an insatiable appetite for financial theft, espionage, and chaos. They are not in the phase of experimenting with AI.

Nah, they are already past that.

And now, they are perfecting it.

While the rest of the world is debating whether AI-generated art is theft, whether we should add guard-rails to our AIs to prevent them from saying bad things, and talking about ethics, these guys are using AI to run full-scale hacking operations that nobody can stop.

You think your firewalls will hold up?

Well, good night.

You’re cute.

I like you !

You think AI companies who are banning their accounts will slow them down?

Also cute.

You think you can track these attacks?

By the time you do, they have already vanished, rebranded, and are halfway through their next billion-dollar heist.


North Korea = AI-powered cybercrime for profit

North Korea isn’t playing around with AI. They are using it to bankroll an entire regime. Every stolen crypto wallet, every hijacked IT system, every fraudulent job application feeds their nuclear weapons program.

Sanctions?

Schmanctions.

Meaningless.

Why trade when you can just steal everything you need? AI has turned North Korean cybercrime into a full-scale industry, one that is more sophisticated, efficient, and dangerous than ever.

And don’t think for a second that they are relying on outdated tricks. The North Korean cyber apparatus is among the most adaptive on the planet. They have figured out that AI makes everything easier. Phishing emails, well, AI crafts them with flawless grammar and social cues that are so convincing that they would fool your own mother.

Telephone scams. Have you played with the tool Sesame, I told you about?

If you haven’t, you should have a look.

This voice-assistant feels so darn natural, it could have fooled me it wasn’t human.

And now take this AI, feed it with intentions, and have it call your 70-year-old mother/grandfather and ask for money on your new bank account.

What do you think would happen?

And what about deepfake job interviews?

AI creates entire fake personas, complete with fake work histories, fake recommendations, and synthetic video footage. If you think this is not happening, read this story.

These guys and girls don’t even need to write their own code anymore.

Large language models like ChatGPT, DeepSeek, and Gemini do that for them. Yes, also the Western AI, because they are very capable of hiding their trails. And though OpenAI catches a few, and proudly reports about it, we all know this is just the tip of the iceberg. Read their report.

They fine-tune AI to help them automate fraud, crack passwords, and mimic human behavior so precisely that even seasoned cybersecurity pros struggle to keep up. If you think your email inbox is safe, you are delusional. AI-generated phishing scams are indistinguishable from legitimate corporate communications. You might as well be handing over your credentials.

And then there are the largest digital heists ever conducted.

Let me elaborate.


North Korea’s billion dollar heist

It started with a printer. A malfunctioning, unassuming, piece-of-junk printer. That’s what tipped off Bangladesh Bank that something was off. Not flashing red alarms. Not a cybersecurity alert. Just a stubborn machine that was refusing to spit out transaction records. And by the time anyone realized what was happening, North Korea’s hackers had already pulled off one of the most audacious cyber heists in history.

Nearly one billion dollars vanished into thin air.

It got funneled through fake charities, shady casinos, and a web of laundromats.

The world’s most isolated and economically crippled nation was about to pull off the biggest bank robbery ever. And without setting foot in a bank.

Now how does a country with barely any internet access, a GDP lower than some mid-sized corporations, and a capital that appears as a black hole on satellite images become one of the most feared cybercriminal operations on the planet?

Well, the answer is training, patience, and now, artificial intelligence.

North Korea has relied on smuggling, counterfeiting, and arms deals for decades to keep its economy from completely imploding. But because of global sanctions, they needed a new revenue stream. One that couldn’t be blocked by trade restrictions.

Here comes cybercrime.

Kim Jong-un knew that hacking could bring in more money than traditional smuggling, and it didn’t require physical risk. No need to move contraband across borders. No need to bribe officials. Just a laptop, an internet connection, and an army of highly trained cyber soldiers.

So he launched the Lazarus Group, which is North Korea’s elite state-backed hacking unit. I always wonder why they used this name. Maybe because (much like their biblical namesake), they refuse to stay dead?

Anyways.

They are not a ragtag group of criminals.

They are military-grade cyber operatives, trained in China, groomed in elite government programs, and use AIs like DarkBert, which was trained on the Dark Web.


How the AI almost stole a billion dollars

In 2016, Kim Jong-un set his sights on something big.

The plan was almost flawless. North Korea’s hackers infiltrated Bangladesh Bank. That is the central financial institution of the entire country. They had gained access to a billion dollars, which is more money than some national budgets.

They just needed a way to move it.

They had spent over a year inside the bank’s networks. A single phishing email, disguised as a job application, had been enough to get them in. From there, they lurked. Watching. Learning. Mapping out the bank’s infrastructure.

They used AI to analyze transaction patterns, identify security weak points, and calculate the best time to strike, which turned out to be a Thursday night, right before a long weekend when the bank would be shut down.

AI wrote the fraudulent bank transfer requests. AI executed the transactions at just the right intervals. AI calculated the laundering routes, so that the stolen money wouldn’t be traceable.

And then, at 8:36 PM on February 4, 2016, the transfers began.

Thirty-five fraudulent transactions. $951 million was on the move, funneled into accounts across the globe. Some of it was heading to casinos in the Philippines. Some to shell companies in Sri Lanka.

And it would have worked.

Every single dollar would have disappeared forever.

Except for one small, stupid detail.

One of the transactions contained the word “Jupiter” in the recipient’s address, and a routine banking keyword filter flagged it, because “Jupiter” was also the name of a sanctioned Iranian shipping vessel.

That single word stopped the entire heist.

The Federal Reserve Bank of New York, where Bangladesh Bank holds its funds, froze all but $81 million of the transactions. Just like that, North Korea’s perfect crime fell apart.
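The kind of keyword screen described above, sketched as an added example (not from this article and not any bank's actual system): free-text payment fields are normalized and checked for whole-word watchlist terms, and any hit puts the payment on hold for review. The field names, the sample payments and the second watchlist entry are constructed for illustration.

```python
import re
import unicodedata

# Constructed watchlist. "JUPITER" is the only term the article names; the
# second entry is a made-up multi-word phrase to show phrase matching.
WATCHLIST = ("JUPITER", "EXAMPLE SHIPPING CO")

# Free-text fields of a payment instruction that get screened (assumed names).
SCREENED_FIELDS = ("beneficiary_name", "beneficiary_address", "remittance_info")


def normalize(text):
    """Upper-case, drop accents, and turn every run of punctuation into one space."""
    decomposed = unicodedata.normalize("NFKD", text)
    no_accents = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return re.sub(r"[^A-Z0-9]+", " ", no_accents.upper()).strip()


def screen(payment):
    """Return (field, term) for every watchlist term found as whole words."""
    hits = []
    for field in SCREENED_FIELDS:
        padded = " " + normalize(payment.get(field, "")) + " "
        for term in WATCHLIST:
            if " " + term + " " in padded:
                hits.append((field, term))
    return hits


def triage(payments):
    """Hold any payment with a hit for manual review; release the rest."""
    result = {"held": {}, "released": [], "held_amount": 0}
    for p in payments:
        hits = screen(p)
        if hits:
            result["held"][p["id"]] = hits
            result["held_amount"] += p["amount"]
        else:
            result["released"].append(p["id"])
    return result


# Constructed sample instructions (not real transaction data).
PAYMENTS = [
    {"id": "TX-01", "amount": 20_000_000, "beneficiary_name": "Example Foundation",
     "beneficiary_address": "12 Harbour Road", "remittance_info": "project funding"},
    {"id": "TX-02", "amount": 30_000_000, "beneficiary_name": "Sample Trading Ltd",
     "beneficiary_address": "1871 Júpiter-St., Unit 4", "remittance_info": "invoice 77"},
    {"id": "TX-03", "amount": 5_000_000, "beneficiary_name": "Jupiterian Holdings",
     "beneficiary_address": "9 Canal Street", "remittance_info": "consulting"},
    {"id": "TX-04", "amount": 1_000_000, "beneficiary_name": "example shipping co.",
     "beneficiary_address": "3 Dock Lane", "remittance_info": "freight"},
]

if __name__ == "__main__":
    outcome = triage(PAYMENTS)
    for tx_id, hits in outcome["held"].items():
        print("HOLD", tx_id, hits)
    print("released:", outcome["released"], "held amount:", outcome["held_amount"])
```

TX-03 is released because the screen matches whole words only, so a control like this stops a transfer only when a listed term happens to appear in it.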

But even $81 million was still a massive payday.

The stolen money moved fast. It flowed through casinos in Manila, bounced between shell corporations, and vanished into cryptocurrency laundering networks.

AI helped erase the money trail.

AI helped coordinate the laundering operation.

AI ensured human error wouldn’t slow them down.

And yet, for all its brilliance, the Lazarus Group hadn’t accounted for dumb luck. A single flagged word. A random compliance check. That was all it took to halt a billion-dollar crime.

But the damage was already done.

North Korea proved something that night: that they did not need foreign aid. They didn’t need trade deals. They had something better, and that was cybercrime at scale.

And AI made it possible.

After Bangladesh, North Korea doubled down on AI-driven hacking.

In 2017, the WannaCry ransomware attack crippled hospitals, banks, and corporations worldwide. AI helped Lazarus develop a self-propagating malware that spread faster than anyone could stop it.

They learned how to use AI to steal cryptocurrency. Over the past decade, they have stolen over $2 billion, through exploiting decentralized finance platforms and blockchain networks with AI-powered cyber attacks.


Russia. AI-generated espionage and war-grade cyberattacks

Russia isn’t hacking for the fun of it. They are using AI as a force multiplier for cyber warfare, espionage, and political manipulation. And their biggest proving ground has been Ukraine. The rest of the world was trying to fight misinformation with fact-checking, and Russia deployed AI-driven cyber tactics that left entire institutions searching for the truth.

It all starts with intelligence gathering.

AI helps Russian cyber operatives sift through mountains of stolen data, like government emails, military communications, personal records. They are analyzing and filtering for the most valuable intel. What used to take months now happens in seconds. Military officials, politicians, journalists... nobody is safe. AI processes hacked communications, reconstructs sensitive strategies, and even predicts future decisions based on historical patterns.

Then there’s the disinformation game.

AI-generated fake news articles, deepfake videos of politicians, and synthetic voice clips have blurred the line between reality and propaganda. You think your encrypted messages are safe, but Russian AI-driven phishing campaigns are so darned precise, that they can mimic your own contacts, using names, ranks, and private information to lure victims into clicking malicious links. No spelling errors. No broken English. Just personalized deception.

And now, AI is being used to create self-evolving malware, that is software that rewrites itself to evade detection.

Software rewriting itself to evade detection?

OMG.

That is exactly the plot of “Eagle Eye” (2008) – no @DreesMarc, not a book – where an autonomous AI system continually rewrites itself to avoid shutdown, and all the while it tries to hijack military networks and financial systems.


China. The red-oracle of cyber espionage

China is hacking for intelligence, and they are hacking to control the future. Their cyber operations aren’t geared towards stealing secrets, but they are about rewriting the global digital landscape. And AI is their ultimate weapon.

China has mastered AI-driven cyber espionage.

They are targeting everything from financial institutions to media conglomerates to manufacturing firms. AI automates reconnaissance, scans for vulnerabilities, and orchestrates attacks at a level no human could ever match.

And then there’s their AI-powered surveillance state. Platforms like DeepSeek are being used for cybercrime, and, as has been proven, they are potential backdoors for Chinese intelligence agencies. Every query, every dataset, every AI-generated output is monitored, logged, and could be manipulated.

Take the CALEA debacle for instance. It was a ticking time bomb from the moment it was signed into law. CALEA was designed in 1994 to give law enforcement built-in wiretapping access to digital phone networks. It meant that every modern communication system comes pre-installed with a backdoor. The government wanted easier surveillance, but in doing so, it hardcoded a security vulnerability into the infrastructure of the U.S. telecom industry.

That vulnerability made wiretaps easier for the FBI, and it made them easier for any sufficiently motivated foreign adversary. And now, the Chinese government appears to have waltzed straight into those very systems, where they gained access to U.S. court-ordered wiretaps and possibly compromised decades of counterintelligence efforts.

SHEEEEESH!

The scale of this breach is beyond anything.

Wiretapping is an insider’s guide to which spies, criminals, and terrorist networks the U.S. government is tracking. If the Chinese have indeed accessed this information, it means they now know exactly who has been exposed, who remains undetected, and where to tighten their own security measures. Worse still, it doesn’t only affect Chinese intelligence operations, but Russia, Iran, and other hostile nations will now know if their agents have been compromised.

That’s kinda catastrophic.

But this wasn’t just a case of bad luck.

Experts had warned for decades that CALEA was a national security disaster waiting to happen. Cybersecurity professionals pointed out that forcing wiretapping capabilities into telecom infrastructure was essentially putting a master key under the welcome mat. CALEA centralized wiretap data, which made it a single point of failure that could be targeted by sophisticated cyber adversaries. And now, as reports of Chinese infiltration surface, it is being made clear that the system worked exactly as designed, but just not for the people it was supposed to benefit.

So peeps, if you made it all the way to the bottom, that means you are taking your info seriously, and I respect you for that. Maybe you are cursing me right now, for the length of the article, but sorry, I just can’t help myself.

So here’s the bottom line. The TL;DR I should have started with. The days of manual hacking are over. Now, cybercriminals and state-backed operatives deploy AI-driven attacks that are smarter and harder to detect. The firewall that you installed last week is already outdated, and the Chinese-built cameras also have a backdoor in them. And the malware signatures that you rely on are also worthless against AI that rewrites itself in real time.

And it’s not just North Korea, Russia, or China. AI-powered cybercrime is about to be everywhere. The barriers to entry are gone. Soon, any state with an internet connection and a hatred of the West will have access to AI-generated hacking tools sophisticated enough to take down entire institutions. AI is democratizing cyber warfare.

Signing off from the endgame. Hope you enjoy the ride.

Marco.
