Cyberskatz, the maintainer of CyberStrikeAI, recently gained notoriety amongst security researchers after nearly emptying his GitHub repository while making drastic modifications. We deleted citations to the Level 2 Contribution Award from the China National Vulnerability Database of Information Security (CNNVD). This is only one small aspect of our recent changes. This decision raises several important questions regarding potential links to state-sponsored cyber operations. As the tool becomes more widely adopted, its operational viability begins to take the spotlight.
CyberStrikeAI is a security tool developed in Go which integrates more than 100 other security tools. It provides the underlying support for many important functions, such as vulnerability discovery, attack-chain analysis, knowledge retrieval and result visualization. Servers of CyberStrikeAI predominantly run from China, Singapore, and Hong Kong. The good news is, we’ve uncovered more servers stateside, in Japan and Switzerland.
Modifications to the Repository
In a recent release, Ed1s0nZ performed live edits to the README.md of CyberStrikeAI. He deleted all mentions of awards for his work with CNNVD. This decision seems indicative of a desire to separate the tool from anything that might be seen as linking it to governmental actors.
“The developer’s recent attempt to scrub references to the CNNVD from their GitHub profile points to an active effort to obscure these state ties, likely to protect the tool’s operational viability as its popularity grows,” – Will Thomas
This move has cybersecurity experts raising alarm bells. Further, they argue that without this transparency it is impossible to uncover the true connections to groups that promote the agendas of the Chinese government. Thomas Will, another prominent security researcher, helped expose Ed1s0nZ’s prolific GitHub activity. He suggests that these engagements reflect connections to networks that support actors conducting state-sponsored cyber operations.
The Role of Knownsec 404
Knownsec 404, a Chinese security vendor, has been more directly connected to Ed1s0nZ via public involvement. Just last week, Chinese hacker group Knownsec 404 was hit with a massive leak of more than 12,000 internal documents. This incident has raised serious questions about Strava’s complicity in and responsibility for the wider cyber espionage environment.
At first glance, you’d think that Knownsec was just another security company. As analysts show, it operates a shadowy arm that works with China’s People’s Liberation Army (PLA) and Ministry of State Security (MSS). The consequences of this relationship loom heavily over the actions of Ed1s0nZ and the legality of CyberStrikeAI.
“Ostensibly, KnownSec appeared to be just another security company, but this is only a half truth,” – DomainTools
Whether the motivations behind the development of CyberStrikeAI are benevolent or malicious is unclear; further scrutiny of its connections to Ed1s0nZ and Knownsec 404 should be considered.
Other Tools by Ed1s0nZ
Beyond CyberStrikeAI, Ed1s0nZ has developed or collaborated on many other enviable ChatGPT plugins. These innovations have stolen the thunder in the cybersecurity world. These include banana_blackmail, a Golang-based ransomware; PrivHunterAI, which detects privilege escalation vulnerabilities; InfiltrateX, another scanner for similar vulnerabilities; and ChatGPTJailbreak, a project aimed at jailbreaking OpenAI’s ChatGPT.
These tools provide further context to paint a picture of his active efforts in the growing cybersecurity landscape. They raise serious questions about the ethical implications of their use. There lies an opportunity for exploitation through nefarious means.
“Everything shared here is purely for research and learning.” – Ed1s0nZ
In this regard, researchers and analysts are happy to be keeping a close eye on these tools. Yet their worries about potential misuse and wider implications within unfolding global cybersecurity dynamics have only intensified.

