Mastodon Mastodon Mastodon Mastodon

How AI Is Accelerating Real-World Attacks on Active Directory and AWS

Photo of author

CyberSecureFox Editorial Team

Published:

In early June 2025, researchers at Huntress documented an incident in which an unknown attacker used a PowerShell script, apparently generated with a large language model (LLM), for systematic reconnaissance of an Active Directory environment. Around the same time, Sygnia published a report on a cloud attack against a large Amazon Web Services infrastructure, where, according to the researchers, AI enabled the attacker to progress from initial access to wide-scale compromise in 72 hours. Both cases illustrate the same trend: AI is not creating fundamentally new techniques, but it is significantly accelerating the execution of already known attack scenarios.

Anatomy of the attack: from RDP to exfiltration

According to Huntress, the attack chain started with a connection over Remote Desktop Protocol (RDP) to a Windows domain server using previously compromised credentials. The attacker placed tools in the C:\ProgramData\ directory — a typical choice for camouflage, as this folder is hidden by default and is writable.

The central element was a PowerShell script with the telling name “100% Working AD Information Gathering Script – FULLY FIXED”, which in itself points to iterative interaction with a language model. Huntress researchers highlighted several indicators suggesting that the code was generated with AI:

  • A header that resembles iterative prompt refinement
  • Presence of placeholder strings
  • Unnecessarily complex code with multiple methods for discovering the domain controller
  • Stylized console output using colors (cyan, green, red, yellow)
  • A five-tier cascading fallback mechanism to ensure reconnaissance succeeds

The script was described as “highly aggressive” and “noisy.” After identifying the primary domain controller, it collected data on users, computers, groups, organizational units (OU), and trust relationships, saving the results in a staging directory. Notably, the script automatically generated an AD_Report.html file — an HTML report of the Active Directory inventory. In Huntress’s assessment, this functionality was most likely a “useful add-on” suggested by the LLM that the attacker simply chose not to remove.

Post-exploitation tools

Approximately 30 minutes after launching the reconnaissance script, the attacker moved on to deploying additional tools. They used s5cmd — a legitimate utility for bulk file operations — and SharpShares, a C# tool for enumerating network shares. The objective was to identify data repositories accessible to the compromised user.

At the final stage, the collected data was exported to CSV files, archived, and sent to a remote server. The entire process — from reconnaissance to exfiltration — followed a classic “smash-and-grab” pattern, but with AI acceleration at the tooling creation stage.

Parallel case: a cloud attack on AWS in 72 hours

The Sygnia report describes a separate incident in which, by the researchers’ assessment, an AI-assisted attack on a large AWS environment progressed from initial access to extensive compromise in roughly 72 hours. The attacker’s motivation is believed to have been financial — the victim’s cloud infrastructure was to be used as leverage for extortion.

Initial access was gained through a vulnerability in an internet-exposed application, which allowed the attacker to extract an access key for one of the AWS accounts. From there, the attacker followed a cyclical pattern: each new set of credentials triggered a new round of reconnaissance, secret collection, persistence attempts (creating IAM users and access keys), and exfiltration. Some of the artifacts were disguised as a pentest or red team exercise.

To pressure the victim, the attacker carried out destructive actions:

  • Blocking access to S3 buckets
  • Setting ECS services and containers to zero capacity
  • Creating ACL rules to block network access
  • Clearing SQS queues

Sygnia emphasizes that the attacker did not use any novel malware or zero-day vulnerabilities. All observed actions aligned with long-known techniques. The key difference was the speed at which each new access was converted into targeted activity: determining available permissions, resources, and optimal next steps.

Impact assessment: AI as a force multiplier

Both incidents lead to the same conclusion: AI is not generating new classes of attacks, but it is radically lowering the barrier to entry and accelerating execution. In the PowerShell script case, an attacker with minimal programming skills obtained a functional AD reconnaissance tool, albeit a “noisy” one. In the cloud case, the rapid adaptation to new credentials and resources points to automation of the analytical phases of the attack.

Organizations with weak monitoring of Active Directory and cloud environments are at greatest risk, particularly those where:

  • RDP access is exposed without multi-factor authentication
  • There is no monitoring for high-volume LDAP queries to domain controllers
  • Cloud access keys are not rotated and are not restricted by least privilege
  • There are no alerts for the creation of new IAM users or access keys

Practical recommendations

To protect Active Directory:

  • Configure alerts for large volumes of AD object enumeration (users, groups, OUs, trust relationships) over a short time period
  • Track execution of PowerShell scripts from atypical directories, particularly C:\ProgramData\
  • Monitor for the appearance of HTML and CSV files with characteristic names (AD_Report, Inventory) in staging directories
  • Restrict RDP access, enforcing MFA and proper network segmentation

To protect AWS cloud environments:

  • Enable alerts via CloudTrail for the creation of new IAM users and access keys
  • Set up detection for anomalous API call patterns: large-scale resource enumeration, rapid context switching between services
  • Apply the principle of least privilege to access keys and roles
  • Regularly test internet-exposed applications for leakage of secrets and keys

Both incidents show that defensive teams must revise their time assumptions for incident response: where reconnaissance and tooling preparation once took attackers days, AI assistance compresses this phase to minutes. The top priority is to ensure that detection rules for large-scale AD object enumeration and anomalous activity in cloud APIs are properly configured and functioning, and that response time to related alerts does not exceed 30 minutes.


CyberSecureFox Editorial Team

The CyberSecureFox Editorial Team covers cybersecurity news, vulnerabilities, malware campaigns, ransomware activity, AI security, cloud security, and vendor security advisories. Articles are prepared using official advisories, CVE/NVD data, CISA alerts, vendor publications, and public research reports. Content is reviewed before publication and updated when new information becomes available.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.