Skip to content
Auto-CTI
Back to today
NEW HIGH C3

Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory

C The Hacker News ·

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key insight

Threat actors leverage AI-generated tools for automated AD enumeration, lowering the skill barrier for less-experienced attackers and representing a new dimension of post-compromise reconnaissance.

Description

An unknown threat actor employed an AI-generated PowerShell script to comprehensively map an Active Directory environment, identifying Domain Controllers, users, computers, and domains. The attacker leveraged pre-compromised RDP credentials on a Windows Server, staged tools in system folders, and generated a detailed AD_Report.html capturing enumeration results. Analysis points to AI coding through prompt-iteration artifacts and script structure characteristics. The incident demonstrates that threat actors use AI models not for entirely novel attack vectors, but to automate and professionalize well-known post-compromise techniques, significantly lowering accessibility of highly capable tools to cybercriminals.

Risk score

17
cvss base
0.00
kev bonus
0.00
epss bonus
0.00
poc bonus
0.00
raw before weight
0.00
industry weight
1.10
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00
consensus penalty
-3.00

Path: operational

Consensus check

The pipeline self-checks before delivery. These rules lowered the score:

  • TTP_SKIPPED TTP mapping skipped (placeholder or aggregation article) −3
Consensus penalty:
−3.0
Total penalty:
−3.0
ESC