State-sponsored hackers from China, Iran, and North Korea have begun exploiting Google’s AI model, Gemini, for cyberattacks, according to a recent report from Google Threat Intelligence Group. These actors use Gemini for reconnaissance, social engineering, and malware development, marking a shift in AI integration in cyber operations. For instance, APT31 used Gemini to automate vulnerability analysis while Iranian actor APT42 utilized it for crafting social engineering personas. North Korean group UNC2970 leveraged the AI for profiling high-value targets. Additionally, cybercriminals are increasingly interested in AI tools; Google observed the creation of phishing kits and malware like CoinBait and HonestCue, which utilize AI for credential harvesting and code generation. Google has since disabled problematic accounts and enhanced defenses against model extraction attacks, which involve adversaries attempting to replicate AI capabilities. Despite these advancements, Google indicates that breakthrough AI capabilities have yet to fundamentally alter the cyber threat landscape.