
Fired employee sought AI help to hide deletion of hosting firm’s customer data

CSO Online, 13/05/2026, 23:21

Summary

AI-Generated

Key Points:

  • Insider threat incident involving two terminated employees from a hosting firm who used AI tools to delete federal databases and cover their tracks.
  • The attack impacted multiple US government agencies, including the IRS and EEOC, leading to unauthorized access and deletion of sensitive data.
  • Organizations must implement strict off-boarding procedures, including immediate access revocation and active monitoring of privileged users to mitigate insider threats.

Technical Details: The attackers utilized AI tools to query methods for clearing system logs after deleting databases, highlighting a significant risk in the misuse of AI for malicious purposes.

MITRE ATT&CK Techniques:

  • T1078 - Valid Accounts (Defense Evasion)
  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)

IOCs Mentioned: None mentioned
