GenAI is increasingly integrated into the workflows of state-sponsored cyber espionage groups, including those from China, Iran, North Korea, and Russia. Working mainly through Google's Gemini AI system, these actors apply it across various phases of cyber operations, from reconnaissance to post-breach activity. The Google Threat Intelligence Group observes advanced persistent threat (APT) groups employing Gemini for target profiling, phishing email generation, document translation, coding, and malware troubleshooting. While GenAI is viewed as an operational assistant rather than an autonomous attack platform, its adoption is notably rising.
For instance, North Korean hackers (UNC2970) leverage it to profile defense and cybersecurity targets, combining this with social engineering tactics such as job-recruitment scams. The Iranian group APT42 also uses Gemini to bolster its social-engineering efforts. Despite the growing interest in AI among cybercriminals, Google states that their capabilities have not yet advanced significantly; they primarily use AI to streamline routine tasks and improve operational efficiency.