AI Finds Thousands of Zero-Days While APT28 Hijacks DNS Infrastructure

I’ve been tracking some pretty significant developments this week that really highlight where we are in cybersecurity right now. On one hand, we’re seeing AI potentially revolutionize vulnerability discovery. On the other, we’re dealing with the same persistent threats that have been plaguing us for years.

AI-Powered Vulnerability Discovery Gets Real

The biggest story that caught my attention is Anthropic’s announcement of Claude Mythos, their new AI model that’s apparently finding thousands of zero-day vulnerabilities across major systems. They’re calling it “Project Glasswing” and have partnered with some heavy hitters including AWS, Apple, Broadcom, Cisco, and CrowdStrike.

What’s interesting here isn’t just that an AI found vulnerabilities – we’ve had automated scanning tools for decades. It’s the scale they’re claiming. “Thousands” of zero-days suggests this isn’t just the low-hanging fruit that traditional static analysis already catches. The number that matters, though, is how many of those findings survive triage: reproducible, not duplicates of each other, and actually reachable by an attacker. If the count holds up under that scrutiny, we might be looking at a fundamental shift in how we approach vulnerability research.

I’m cautiously optimistic but also a bit concerned. Having an AI that can systematically find zero-days is great when it’s in the hands of defenders and responsible researchers. But the same techniques could theoretically be used by attackers. The question becomes: how do we ensure this technology stays on the right side of the equation?

APT28 Keeps Doing What APT28 Does

Meanwhile, in the “some things never change” department, the FBI just disrupted a DNS hijacking operation run by APT28 – the same Russian group we’ve been dealing with for years. They were compromising US-based routers to redirect DNS traffic, which is a classic move from their playbook. It works because the router is the resolver every device on the LAN trusts: once it answers DNS queries with attacker-chosen addresses, traffic to mail, login, and update servers can be intercepted without touching a single endpoint.

The FBI’s response was interesting though. Instead of just identifying the compromised routers, they actually deployed a method to “unplug” them from the malicious network. It’s good to see more proactive disruption rather than just detection and alerts.

This really drives home a point I keep coming back to: while we’re getting excited about AI finding new vulnerabilities, we’re still struggling with basic infrastructure security. These router compromises usually come down to default credentials, unpatched firmware, management interfaces reachable from the internet, or poor network segmentation – problems we’ve known how to solve for years. The defensive checks are just as unglamorous: confirm that clients are using the resolvers you expect, and watch for answers to your own high-value names that don’t match the addresses you publish.
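
To make that concrete, here is a small detector, added as an example for this post (it is not the FBI’s tooling and not taken from any APT28 reporting), that runs over constructed DNS log lines and flags both indicators of a hijacked router: a client talking to a resolver that isn’t on the allowlist, and an answer for a pinned name that doesn’t match the addresses you expect. The log format, the allowlist, the pinned names and every address in it are hypothetical.

```python
"""Detect router-level DNS hijacking from DNS query/answer logs.

Added example for this post; not code from the FBI, any APT28 report,
or any vendor. The log format, the resolver allowlist, the pinned
names and every address below are constructed for illustration.

Two indicators, both visible from a network tap or resolver log:
  1. A client sending DNS to a resolver outside the allowlist
     (a compromised router handing out attacker resolvers via DHCP).
  2. An answer for a pinned, high-value name outside its expected
     address set (a compromised router forwarding upstream to an
     attacker resolver: the client still talks to the router, so
     only the answers give it away).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed policy for an imaginary small office (hypothetical values).
ALLOWED_RESOLVERS = {"192.168.1.1", "10.0.0.53"}
PINNED = {
    "mail.example.com": {"203.0.113.25"},
    "login.example.com": {"203.0.113.10", "203.0.113.11"},
}


@dataclass
class DnsRecord:
    ts: str
    client: str
    resolver: str
    qname: str
    answers: Tuple[str, ...]


def parse_line(line: str) -> Optional[DnsRecord]:
    """Parse one constructed log line:
        <ts> <client_ip> <resolver_ip> <qname> <answer,answer,...|->
    Returns None for malformed lines instead of raising."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, resolver, qname, ans = parts
    try:
        ipaddress.ip_address(client)
        ipaddress.ip_address(resolver)
    except ValueError:
        return None
    answers = () if ans == "-" else tuple(ans.split(","))
    return DnsRecord(ts, client, resolver, qname.rstrip(".").lower(), answers)


def find_hijack_indicators(lines, allowed=ALLOWED_RESOLVERS, pinned=PINNED):
    """Return a list of (indicator, client, subject, detail) tuples."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec.resolver not in allowed:
            findings.append(("unexpected_resolver", rec.client, rec.resolver, rec.qname))
        expected = pinned.get(rec.qname)
        if expected and rec.answers and not set(rec.answers) <= expected:
            findings.append(("answer_mismatch", rec.client, rec.qname, ",".join(rec.answers)))
    return findings


# Constructed sample log: two clean lookups, one client pointed at a rogue
# resolver, one lookup through the legitimate router that came back wrong,
# one empty answer, and one malformed line the parser must skip.
SAMPLE_LOG = [
    "2024-04-08T09:00:01 192.168.1.20 192.168.1.1 www.example.org 203.0.113.5",
    "2024-04-08T09:00:02 192.168.1.20 192.168.1.1 login.example.com. 203.0.113.10",
    "2024-04-08T09:00:05 192.168.1.31 198.51.100.77 login.example.com 198.51.100.80",
    "2024-04-08T09:00:07 192.168.1.20 192.168.1.1 mail.example.com 198.51.100.81",
    "2024-04-08T09:00:09 192.168.1.40 192.168.1.1 mail.example.com -",
    "this line is not a DNS record",
]

if __name__ == "__main__":
    for finding in find_hijack_indicators(SAMPLE_LOG):
        print(*finding)
```

In practice you would feed this your resolver logs or a Zeek dns.log export and seed the pinned set from your own zone. The design point is the answer check: when the router itself is forwarding to an attacker, the resolver address on the wire looks perfectly normal, and only the mismatched answers reveal it.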

The Adobe Reader Problem Persists

Speaking of persistent problems, researchers have found evidence of an Adobe Reader zero-day that’s apparently been exploited for months. Haifei Li discovered a malicious PDF designed to exploit an unpatched vulnerability, which honestly shouldn’t surprise anyone who’s been in this field for a while.

PDF-based attacks feel almost quaint at this point, but they’re still effective because people still open PDFs from questionable sources. The fact that this particular vulnerability has been exploited “for months” suggests it’s been flying under the radar of traditional detection methods. That shouldn’t surprise anyone either: signature-based scanning can’t match a sample for a bug nobody has catalogued yet. What does catch unknown exploit documents is structural triage – flagging PDFs that auto-run actions on open, carry JavaScript or Launch actions, or hide those features inside compressed object streams – because the delivery mechanism changes far less often than the bug.

This is where I think the AI vulnerability discovery could really help. If Claude Mythos or similar tools had been analyzing Adobe Reader earlier, maybe this zero-day would have been found and patched before attackers could exploit it in the wild.
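
Here is what that structural triage looks like in practice, as an added example for this post rather than the researcher’s own tooling or a detector for the specific Adobe Reader bug. It scans a constructed PDF, resolves name escapes and inflates FlateDecode streams before counting the risky features, and returns a verdict; the sample document, the feature lists and the verdict rules are my own choices, not anything the post or the research describes.

```python
"""Static triage of a PDF for the features exploit documents rely on.

Added example for this post. It is not Haifei Li's tooling and does not
detect the particular Adobe Reader bug the post mentions; it flags the
generic building blocks of malicious PDFs (in the spirit of pdfid):
auto-run triggers, JavaScript and Launch actions, embedded files and
object streams. It resolves PDF name escapes (/J#53 is /JS) and inflates
FlateDecode streams, so the two cheapest hiding tricks don't work.
The sample PDF at the bottom is constructed and carries no exploit.
"""
import re
import zlib
from typing import Dict

# Name objects worth flagging. Triggers fire without user interaction;
# payloads are what they usually fire.
TRIGGERS = {"/OpenAction", "/AA"}
PAYLOADS = {"/JavaScript", "/JS", "/Launch", "/EmbeddedFile", "/RichMedia"}
OTHER = {"/ObjStm", "/JBIG2Decode"}
RISKY_NAMES = TRIGGERS | PAYLOADS | OTHER

_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
# A name ends at whitespace or a PDF delimiter; this stops /JS matching /JSX.
_NAME_END = rb"(?![^\s()<>\[\]{}/%])"


def _unescape_names(data: bytes) -> bytes:
    """Resolve #xx hex escapes inside name objects (/J#53 -> /JS)."""
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _expand_streams(data: bytes) -> bytes:
    """Replace every stream body zlib can open with its inflated content,
    so names hidden in compressed objects are scanned exactly once."""
    def repl(m):
        body = m.group(1)
        # Second attempt tolerates truncated or trailing-garbage streams.
        for inflate in (zlib.decompress, zlib.decompressobj().decompress):
            try:
                return b"stream\n" + inflate(body) + b"\nendstream"
            except zlib.error:
                pass
        return m.group(0)
    return _STREAM.sub(repl, data)


def triage_pdf(data: bytes) -> Dict[str, int]:
    """Count each risky name over the file with streams inflated and
    name escapes resolved."""
    view = _unescape_names(_expand_streams(data))
    counts: Dict[str, int] = {}
    for name in sorted(RISKY_NAMES):
        pat = re.compile(re.escape(name.encode()) + _NAME_END)
        n = len(pat.findall(view))
        if n:
            counts[name] = n
    return counts


def verdict(counts: Dict[str, int]) -> str:
    """'suspicious' when a trigger and a payload co-occur, 'review' when
    anything risky appears at all, otherwise 'clean'."""
    has_trigger = any(n in counts for n in TRIGGERS)
    has_payload = any(n in counts for n in PAYLOADS)
    if has_trigger and has_payload:
        return "suspicious"
    return "review" if counts else "clean"


def build_sample_pdf() -> bytes:
    """Constructed benign sample: the catalog auto-runs object 3, whose
    JavaScript action is only visible after inflating the stream, and
    whose /JS key is hex-escaped. app.alert is harmless; no exploit here."""
    hidden = b"<< /Type /Action /S /JavaScript /J#53 (app.alert(1)) >>"
    comp = zlib.compress(hidden)
    return (
        b"%PDF-1.7\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
        b"3 0 obj << /Length " + str(len(comp)).encode()
        + b" /Filter /FlateDecode >>\nstream\n" + comp + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


if __name__ == "__main__":
    found = triage_pdf(build_sample_pdf())
    print(found, verdict(found))
```

The reason for inflating streams before counting is visible in the sample: a plain grep of the file sees /OpenAction but not the JavaScript, because it sits in a compressed object with its /JS key hex-escaped. A “suspicious” verdict is a reason to detonate the file in a sandbox, not proof of an exploit; plenty of legitimate forms carry JavaScript.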

Travel Industry Takes Another Hit

On the data breach front, Eurail announced that attackers stole personal information from over 300,000 individuals in a December attack. The travel industry seems to be a favorite target lately, probably because these companies handle a perfect storm of personal data, payment information, and travel patterns.

What bothers me about these breach announcements is how long they take to surface. This attack happened in December, and we’re just hearing about it in April. I understand that breach investigations take time, but four months feels excessive when people’s personal information is involved.

The Metrics Problem We All Know About

Finally, there’s an interesting piece from Dark Reading about how we measure cybersecurity success – or more accurately, how we’re doing it wrong. A panel of C-suite leaders discussed why our current metrics aren’t actually improving security outcomes.

This resonates with something I’ve been thinking about lately. We tend to measure what’s easy to count rather than what actually matters. Number of vulnerabilities patched, number of security alerts processed, percentage of employees who completed security training – these are all measurable, but do they actually correlate with better security?

The real challenge is that good security is often invisible. The attacks that never happened, the breaches that were prevented, the incidents that were contained before they became incidents – these don’t show up in our dashboards.

Looking Forward

The contrast between these stories is pretty stark. We have AI potentially revolutionizing how we find vulnerabilities, while we’re still dealing with DNS hijacking, PDF exploits, and data breaches that could have been prevented with better basic security practices.

Maybe that’s the real lesson here. Technology can give us powerful new tools, but it doesn’t replace the fundamentals. We still need to patch our systems, secure our infrastructure, and protect our data. The AI tools might help us find problems faster, but we still need to fix them.