An African technology university used artificial intelligence (AI) to stop a recent cyberattack. The attackers attempted to deliver PrivateLoader, a pay-per-install malware service used to install other criminals' payloads and commonly associated with cryptomining and intellectual property theft.
The public university, founded more than 30 years ago, awards undergraduate and graduate degrees in technology-related subjects. It holds vast amounts of intellectual property, including government-funded research into AI, robotics and sustainable energy, which makes it a prime target for financially motivated cybercriminals as well as state-sponsored attackers.
The university was targeted in mid-April, during a trial of Darktrace AI. The AI had already learned a baseline of the university's normal activity across its digital estate, which allowed it to spot the out-of-the-ordinary behaviour indicative of an attack. In this case, it detected a desktop connecting to a rare external endpoint using a mechanism that did not fit the university's technology stack.
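To make the baselining idea concrete, here is an added example of rarity-based detection over egress logs. It is not Darktrace's code and does not describe its model; it is the simplest form of the same idea. Everything in it is an assumption for illustration: the five-field log format (timestamp, source host, destination IP, destination port, client "mechanism" such as a user-agent), the internal address plan in `INTERNAL_NETS`, the constructed sample lines, the four rarity signals, and the rule that an event becomes an alert when it trips at least three of them.

```python
"""Rarity-based detection of unusual outbound connections.

Added illustration for this write-up, not Darktrace's model or code.
A baseline window teaches the detector which external destinations and
which client mechanisms each host, and the fleet as a whole, normally
uses; later events are scored by how many rarity signals they trip.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Assumed internal address plan; connections inside it are not "external".
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample lines (documentation IP ranges, not real traffic).
BASELINE_LOG = """\
2023-04-01T08:00:01 lab-pc-01 203.0.113.10 443 Chrome/111
2023-04-01T08:00:05 lab-pc-02 203.0.113.10 443 Chrome/111
2023-04-01T08:01:10 lab-pc-03 203.0.113.10 443 Firefox/111
2023-04-01T08:02:00 lab-pc-01 198.51.100.20 443 Chrome/111
2023-04-01T08:02:30 lab-pc-02 198.51.100.20 443 Chrome/111
2023-04-01T08:03:00 lab-pc-03 198.51.100.20 443 Firefox/111
2023-04-01T08:05:00 lab-pc-04 203.0.113.10 443 Chrome/111
"""

NEW_EVENTS_LOG = """\
2023-04-14T09:10:00 lab-pc-02 203.0.113.10 443 Chrome/111
2023-04-14T09:11:00 lab-pc-04 198.51.100.20 443 Chrome/111
2023-04-14T09:11:30 lab-pc-02 10.0.0.5 445 SMB
2023-04-14T09:12:00 lab-pc-03 192.0.2.77 80 Python-urllib/3.8
2023-04-14T09:13:00 lab-pc-01 198.51.100.22 443 Chrome/111
"""


@dataclass
class Event:
    ts: str
    host: str
    dst: str
    port: int
    mechanism: str


@dataclass
class Alert:
    host: str
    dst: str
    score: int
    reasons: list


def parse_log(text: str) -> list[Event]:
    """Parse the constructed five-field format; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, port, mech = line.split(maxsplit=4)
        events.append(Event(ts, host, dst, int(port), mech))
    return events


def is_external(dst: str) -> bool:
    addr = ipaddress.ip_address(dst)
    return not any(addr in net for net in INTERNAL_NETS)


def build_baseline(events: list[Event]) -> dict:
    """Learn per-host and fleet-wide sets of destinations and mechanisms."""
    keys = ("host_dsts", "host_mechs", "dst_hosts", "mech_hosts")
    b = {k: defaultdict(set) for k in keys}
    for e in events:
        if not is_external(e.dst):
            continue
        b["host_dsts"][e.host].add(e.dst)
        b["host_mechs"][e.host].add(e.mechanism)
        b["dst_hosts"][e.dst].add(e.host)
        b["mech_hosts"][e.mechanism].add(e.host)
    return b


def score_event(b: dict, e: Event, rare_hosts: int = 2) -> tuple[int, list[str]]:
    """Count independent rarity signals; .get() avoids mutating the baseline."""
    if not is_external(e.dst):
        return 0, []
    reasons = []
    if e.dst not in b["host_dsts"].get(e.host, set()):
        reasons.append("destination new for this host")
    if len(b["dst_hosts"].get(e.dst, set())) < rare_hosts:
        reasons.append("destination rare fleet-wide")
    if e.mechanism not in b["host_mechs"].get(e.host, set()):
        reasons.append("mechanism new for this host")
    if e.mechanism not in b["mech_hosts"]:
        reasons.append("mechanism never seen fleet-wide")
    return len(reasons), reasons


def detect(baseline_text: str, new_text: str, threshold: int = 3) -> list[Alert]:
    """Score every post-baseline event and keep those at or above threshold."""
    b = build_baseline(parse_log(baseline_text))
    alerts = []
    for e in parse_log(new_text):
        score, reasons = score_event(b, e)
        if score >= threshold:
            alerts.append(Alert(e.host, e.dst, score, reasons))
    return alerts


if __name__ == "__main__":
    for a in detect(BASELINE_LOG, NEW_EVENTS_LOG):
        print(f"{a.host} -> {a.dst} score={a.score}: {'; '.join(a.reasons)}")
```

Run on the sample data, only the `lab-pc-03` connection to `192.0.2.77` with a `Python-urllib` client is raised: the destination is new for that host and unseen anywhere in the fleet, and the client mechanism has never been used by that host or any other. A host visiting a destination its peers already use, or a familiar browser reaching a new site, scores too low to alert, which is the point of combining signals rather than alerting on any single "new" value.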
The external IP address was subsequently investigated and found to be associated with the PrivateLoader pay-per-install service. The compromised device was then observed performing activity consistent with RedLine Stealer and Mars Stealer, information-stealing malware that exfiltrates data such as saved credentials and browser data in order to monetize it, either through direct use or through sale on darknet sites. Follow-on stealer activity of this kind fits PrivateLoader's role: its operators are paid to install other groups' payloads, so the initial download is usually only the first stage. Because stealer activity was seen on the host, the practical response is to treat every credential and session token stored on it as exposed and rotate them, whether or not exfiltration is confirmed.
The AI detected the attack in its earliest stages, and the threat was interrupted before any critical research or student data was exfiltrated. Once the attack was contained, a full investigation of the incident was conducted to strengthen the university's resilience against future attacks.