Microsoft has initiated legal proceedings against a foreign-based threat group for orchestrating a sophisticated hacking-as-a-service operation targeting its AI services. The group exploited stolen credentials to bypass security measures and generate prohibited content through Microsoft’s generative AI platforms.

Key Developments:
– Discovery of the illegal operation in July 2024
– Seizure of the website “aitism[.]net”
– Identification of at least three primary perpetrators
– Evidence of seven additional parties involved in utilizing the illegal services

Technical Details:
The attackers developed custom software tools, including:
– “de3u”: A DALL-E 3 frontend with reverse proxy support
– “oai reverse proxy”: A service routing unauthorized API calls through Cloudflare tunnels

The operation involved:
– Systematic theft of Azure API keys from U.S. companies
– Unauthorized access to Azure OpenAI Service
– Creation of harmful content using DALL-E
– Monetization through selling access to other malicious actors

Microsoft’s Response:
– Revoked threat actors’ access
– Implemented new security countermeasures
– Obtained court orders for domain seizure
– Strengthened platform safeguards

The investigation revealed that the group’s activities extended beyond Microsoft, targeting multiple AI service providers. The company has documented evidence of similar attacks affecting other providers including Anthropic, AWS Bedrock, Google Cloud Vertex AI, and OpenAI.