Cybercriminals have created a ransomware toolkit powered by artificial intelligence that automatically maps out Active Directory environments and sidesteps endpoint detection and response systems.
The toolkit and its attack payloads were developed with help from Cursor and Claude Opus AI agents, which were involved throughout every phase – from writing the initial code to debugging and improvement cycles. The AI agents were even instructed to browse security research articles to find bypass strategies they could incorporate.
Several AI-generated malware samples were put to the test, pitted against endpoint security platforms from leading vendors including Sophos, CrowdStrike, and Microsoft Defender.
Even though AI was heavily involved in designing and refining the toolkit, Sophos researchers emphasize that humans still call the shots at every level of the operation.
Fast-tracking EDR Evasion
Analysts at Sophos stumbled upon the toolkit after systems at one of their clients raised red flags. Suspicious files had surfaced in a user’s Documents folder, and the telltale signs pointed to a custom framework with detection avoidance at its core:
- Tweaked Cobalt Strike profiles crafted to disguise command-and-control beacon traffic as routine HTTP web traffic
- A Telegram bot-powered command and control channel that funneled data exchanges through Telegram’s infrastructure, avoiding direct network connections
- Scripts written in Python that perform shellcode injection into trusted Windows applications without disrupting their functionality
- A Cloudflare Worker script deployed as a redirector to mask the true location of the attacker’s C2 server
Sophos cautions that while the toolkit might look like legitimate red-team software designed for post-exploitation testing, it bears the hallmarks of a tool built for ransomware-related cybercrime.
“We initially considered the possibility that a professional red team was behind the activity, but as we dug deeper, we uncovered additional evidence pointing to criminal intent,” Sophos shared with BleepingComputer.
Entries in the Cobalt Strike operator logs that referenced a ransom note and listed multiple victim organizations on a ransomware leak site confirmed the toolkit’s role in criminal operations.
AI-Driven Malware Engineering
In a report released today, Sophos reveals that numerous Python scripts recovered on the compromised machine were authored in Russian and produced with AI assistance.
During their probe, investigators uncovered a Git repository containing an automated Active Directory discovery dashboard and a development lab that followed a cycle of building, testing, and refining malware against endpoint protection agents from Sophos, CrowdStrike, and Windows Defender.
According to Sophos, the AD discovery process works by gathering intelligence from completed tasks and then choosing the next move from a set of predefined options. That task is then handed off to remote agents, and the results are evaluated to guide the next step.
The framework employs multiple AI agents, each assigned a specific responsibility. For example, a Claude Opus 4.5 agent oversees and coordinates the entire research and development pipeline, while other agents focus on testing, operational security hardening, documentation, proxy stress testing, virtual machine provisioning, and similar duties.
During the development phase, certain agents cataloged bypass methods described in research publications from Kaspersky, Palo Alto Networks, Bishop Fox, and SpecterOps, as well as techniques shared on social media platforms.
These agents parsed the techniques, aligned them with entries in the MITRE ATT&CK framework, determined what was needed to replicate them, set up a testing environment, carried out the technique, and documented the results.
The centerpiece of the toolkit is a Python-based payload generator that produces executables primarily written in Rust and Go, each incorporating a specific evasion method. Nearly 80 modules were created and evaluated against over 70 different techniques.
“This modular Windows payload loader generator wraps a raw payload in layers of encryption, evasion, and alternative execution techniques, producing custom-built executables or DLLs intended to resist sandboxing, antivirus, and EDR detection” – Sophos
Although the AI agents initially reported a high rate of failure, the modules eventually managed to evade nearly all tested EDR solutions after multiple refinement cycles. That said, Sophos identified inconsistencies between the actual test results and what the framework’s internal logs reported in certain cases, though the cause of these discrepancies remains unclear.
Source: Sophos
Sophos confirmed there was no sign that AI was embedded within the malware deployed on victim machines or that it operated autonomously inside compromised networks. Rather, AI served as an accelerator – dramatically speeding up the cycle of building, testing, and fine-tuning attack payloads against commercial security products.
AI tools are compressing the window between when offensive security techniques are publicly disclosed and when threat actors can weaponize them in real-world attacks.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
Download Now
