Google’s Gemini AI models are increasingly pivotal in state-sponsored hacking activities, as outlined in their latest Threat Intelligence Group report. AI’s integration spans the entire attack lifecycle, from target acquisition and coding to social engineering and data exfiltration. Nation-state hackers from China, North Korea, and Iran are employing Gemini for reconnaissance, phishing, and crafting malware. China, for example, uses Gemini for penetration testing strategies, while North Korea focuses on profiling high-value targets. Additionally, these actors generate targeted misinformation and propaganda leveraging Gemini’s generative capabilities. Google has disabled assets linked to harmful activities and is enhancing protections against misuse. Notably, emerging threats include bespoke hacking tools and frameworks that utilize Gemini, leading to a growing black market for API keys. Despite the current lack of advanced AI malware, actors are experimenting with augmenting existing malware. Google actively tracks and counters these misuse attempts to safeguard its AI services, indicating an ongoing cybersecurity arms race.
Source link
