How adversaries are using GenAI for information and computer network operations
Like every sector of the economy, adversaries are experimenting with Generative Artificial Intelligence (GenAI). In the past year, CrowdStrike threat researchers found cybercriminals used the technology to boost Information Operations (IO) and Computer Network Operations (CNO). While adversary use of GenAI remains largely iterative and experimental, the CrowdStrike 2025 Global Threat Report found several startling examples of deliberate GenAI use related to IO and CNO.
What are information and computer network operations?
Information Operations
IO are intentional activities and campaigns designed to influence people, communities, organizations, markets, and even large populations to achieve a goal. Example goals include a particular winner in an election, policy adoption, a widely held belief that aids the adversary’s goals, and much more. GenAI is good at quickly creating believable content at scale, which makes it a natural fit for IO use.
Computer Network Operations
CNO is a broad term that includes cyberattacks, defense, and various cyber activities such as reconnaissance, access, exfiltration, and compromise of a targeted entity. In this sense, GenAI has the potential to be used to develop new tools, weapons, and strategies to execute CNO.
Why is GenAI a natural fit for cyber threats?
The technical complexity of the web and information technology presents a natural barrier to cyberattacks. Unlike in a physical theft or attack, adversaries must be knowledgeable enough to navigate the complex digital infrastructure of the internet, knowledge that can take years to build. GenAI holds the potential to level this barrier:
Easily Accessible: GenAI tools are readily available to anyone with an internet connection, and interfacing through natural language reduces the need for technical expertise. In theory, adversaries could use GenAI to quickly prototype malicious tools, then “fire and forget” without actually understanding how the tools work.
Persuasiveness: Research demonstrates GenAI’s powerful persuasive capability. A 2024 study found that just three short conversations with ChatGPT reduced participants' belief in conspiracy theories, noting that the influence lasted even three months after the conversations took place. [1]
Scalable: AI-generated content that is compelling and highly believable can be produced quickly and at scale. This capability enables adversaries to build the deceptive depth needed for a convincing IO campaign.
Continuous Evolution: Existing attack methods can be iteratively enhanced using GenAI, finding new and more effective ways to use proven methods. GenAI will also likely get better, increasing its ability to develop novel techniques.
Real-world examples of GenAI use for Information Operations
As reported in the 2025 Global Threat Report, CrowdStrike’s threat researchers found several instances of GenAI-enabled IO used to manipulate public perception and amplify societal divisions:
Green Cicada Network: In August 2024, industry sources reported on Green Cicada, an IO network of over 5,000 fake accounts on the social media platform X, likely enabled by a Chinese-language LLM system. These accounts amplified divisive political content to influence public opinion during the 2024 U.S. presidential election.
Russian Disinformation Campaign: In 2024, Russia-aligned operators used GenAI to automate the generation of tailored disinformation for a major campaign aimed at audiences in the United States, Israel, and various European countries.
Real-world examples of GenAI use for Computer Network Operations
In addition to IO, some adversaries are experimenting with GenAI to directly support CNO, likely for writing utility scripts and developing tools or malware. Here are specific examples CrowdStrike threat researchers identified:
Spam and Malware Delivery: In March 2024, a cybercriminal campaign leveraged likely LLM-generated email templates to distribute Snake Keylogger malware, marking one of CrowdStrike’s earliest confirmed instances of LLM-generated malicious content.
Big Game Hunting (BGH) Ransomware Operations: The ransomware group APT INC deployed an LLM-generated destructive PowerShell script, strategically designed to irreversibly destroy data on compromised hosts, highlighting GenAI’s emerging role in high-stakes cyber threats.
Decoy Websites (NITRO SPIDER Campaigns): Adversaries employed LLM-generated decoy sites in malvertising attacks, steering legitimate visitors searching for software products to malware-infected sites, thus significantly enhancing campaign effectiveness.
2FA Tooling Deception: Threat actors targeted users seeking two-factor authentication solutions, using malicious advertisements to funnel traffic to LLM-crafted decoy websites, further exposing victims to potential compromise.
GenAI for Malware Development: Discussions within cybercriminal communities indicate increasing interest in using GenAI to assist in creating complex malware tools. A Yemen-based ransomware operator maintains a GitHub repository featuring tools powered by GPT models to execute shell commands and other malicious tasks.
Recommendations
GenAI capability will likely increase in the years and months ahead. And when cyberattacks can occur in minutes, being prepared makes all the difference. Stay ready with these recommendations:
Educate users: End users remain the critical link in the chain to stop breaches. Organizations should initiate aggressive awareness and education plans that keep employees and members aware of the latest phishing and social engineering techniques.
Practice, train, test: Don’t get ready, stay ready. Security teams should routinely conduct tabletop and red/blue team exercises to identify risks and weaknesses and to improve response preparedness.
Know who’s targeting your industry: Read, study, and invest in intelligence resources that keep you informed on the latest adversary techniques and trends. Intelligence drives operations and understanding precedes effective action.
Stay informed. Stay secure.
Rising GenAI use is just one of many concerning trends highlighted in CrowdStrike’s 2025 Global Threat Report. Download the full report to explore more patterns, threats, and recommendations from a year’s worth of industry-leading threat intelligence.