{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/large-language-model-services/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Large Language Model services"],"_cs_severities":["medium"],"_cs_tags":["command_and_control","llm","malware","windows","macos"],"_cs_type":"advisory","_cs_vendors":["OpenAI","Anthropic"],"content_html":"\u003cp\u003eThis detection identifies suspicious network connections to known Large Language Model (LLM) APIs and chat portals. It focuses on detecting anomalous processes, such as scripting utilities or unsigned executables, making DNS requests to these LLM services. The assumption is that malware may be attempting to leverage LLMs to perform dynamic actions, such as receiving instructions or exfiltrating data via the LLM service. This behavior began appearing in threat intelligence reports in late 2025 and continues to evolve. The detection aims to catch malware abusing legitimate LLM services for command and control, blending in with normal network traffic. This detection helps identify command and control using LLMs, which can dynamically adapt malware behavior, making traditional signature-based detections less effective.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker compromises a system through an initial access vector, such as exploiting a vulnerability or using social engineering.\u003c/li\u003e\n\u003cli\u003eThe attacker deploys a malicious script (e.g., PowerShell, JavaScript) or an unsigned executable onto the compromised host.\u003c/li\u003e\n\u003cli\u003eThe malicious script or executable performs a DNS query to resolve a known LLM API endpoint (e.g., api.openai.com, api.anthropic.com).\u003c/li\u003e\n\u003cli\u003eThe script or executable establishes a network connection to the resolved LLM API endpoint using HTTP/HTTPS.\u003c/li\u003e\n\u003cli\u003eThe malicious actor sends a command to the compromised system through the LLM API, disguised as a normal user request.\u003c/li\u003e\n\u003cli\u003eThe compromised system receives the command from the LLM API and executes it. This might involve actions such as data exfiltration, lateral movement, or deploying further payloads.\u003c/li\u003e\n\u003cli\u003eThe system sends the results of the executed command back to the attacker through the LLM API.\u003c/li\u003e\n\u003cli\u003eThis bidirectional communication repeats, allowing the attacker to maintain persistent command and control over the compromised system via the LLM service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows attackers to execute arbitrary commands on compromised systems, potentially leading to data theft, system disruption, or further propagation within the network. Given the increasing reliance on LLMs, this attack vector could affect a wide range of organizations and industries. The compromised system effectively becomes part of a botnet controlled via LLM infrastructure, making attribution and takedown more difficult. The use of LLMs can also make the attack more difficult to detect, as the network traffic blends in with legitimate LLM usage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detect DNS Queries to Common LLM Endpoints by Scripting Utilities\u0026quot; to your SIEM and tune for your environment, focusing on process names and command-line arguments.\u003c/li\u003e\n\u003cli\u003eMonitor DNS query logs for connections to the LLM domains listed in the IOC table originating from unusual or unsigned processes.\u003c/li\u003e\n\u003cli\u003eInvestigate any alerts generated by the Sigma rules, paying close attention to the process execution chain and any associated network activity.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the impact of compromised systems and restrict outbound connections to trusted LLM services.\u003c/li\u003e\n\u003cli\u003eEnable process-creation logging, including command-line arguments, to activate the rules above.\u003c/li\u003e\n\u003cli\u003eBlock the C2 domains listed in the IOC table at the DNS resolver.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T15:00:00Z","date_published":"2024-01-03T15:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-llm-command-control/","summary":"This rule detects DNS queries to known Large Language Model (LLM) domains originating from unsigned binaries or common Windows scripting utilities, indicating potential malware command and control activity.","title":"Malware Leveraging Large Language Model Endpoints for Command and Control","url":"https://feed.craftedsignal.io/briefs/2024-01-llm-command-control/"}],"language":"en","title":"CraftedSignal Threat Feed - Large Language Model Services","version":"https://jsonfeed.org/version/1.1"}