Hive0163 Deploys AI-Generated Slopoly Malware in Ransomware Campaigns
Summary
Financially motivated threat actor develops AI-assisted malware framework for persistent access in ransomware campaigns.
Threat Analysis
The financially motivated threat actor Hive0163 has been observed using an AI-assisted malware family called Slopoly to establish persistent access in ransomware attacks. Slopoly, believed to have been developed with the assistance of large language models (LLMs), functions as a backdoor that beacons system information to command-and-control servers, executes operator commands, and relays the results back to the attackers. This represents a concerning evolution in malware development: LLMs are being used to accelerate the creation of new malware frameworks and to scale criminal operations. The emergence of AI-assisted malware such as Slopoly, VoidLink, and PromptSpy shows how cybercriminals are adopting generative AI tooling to extend their capabilities. Organizations should implement multi-layered defenses, including behavioral analytics and AI-supported threat detection, to counter these evolving threats.