AI as tradecraft: How threat actors operationalize AI
ID: b53694f4-44a3-5311-ad24-a6666c5800e2
STIX ID: report--b53694f4-44a3-5311-ad24-a6666c5800e2
Feed Name: Microsoft Security
This Microsoft Threat Intelligence blog documents how threat actors, particularly North Korean remote IT worker groups such as Jasper Sleet and Coral Sleet, are operationalizing generative and agentic AI across the cyberattack lifecycle to scale persona fabrication, social engineering (phishing and deepfakes), reconnaissance, and malware development (including AI-assisted payloads like OtterCookie). It presents observed TTPs, detection/hunting queries, and mitigation guidance for defenders.
