More than 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using Google's artificial intelligence (AI) technology to further their malicious cyber and information operations.
"Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat Intelligence Group (GTIG) said in a new report. "At present, they primarily use AI for research, troubleshooting code, and creating and localizing content."
Government-backed attackers, otherwise known as Advanced Persistent Threat (APT) groups, have sought to use Google's AI tools to bolster multiple phases of the attack lifecycle, including coding and scripting tasks, payload development, gathering information about potential targets, researching publicly known vulnerabilities, and enabling post-compromise activities such as defense evasion.
The Iranian hacking group known as APT42, which accounted for more than 30% of Gemini usage by attackers from that country, used the tools to craft phishing campaigns, conduct reconnaissance on security professionals and organizations, and generate content with cybersecurity themes, according to GTIG.
APT42, which overlaps with clusters tracked as Charming Kitten and Mint Sandstorm, has a history of orchestrating enhanced social engineering schemes to infiltrate target networks and cloud environments. Last May, Mandiant revealed the threat actor's targeting of Western and Middle Eastern NGOs, media organizations, academia, legal services, and activists by posing as journalists and event organizers.
Additionally, the adversarial collective has been found to conduct research into military and weapons systems, examine strategic trends in China's defense industry, and gain a better understanding of U.S.-made aerospace systems.
Chinese APT groups were found searching Gemini for ways to conduct reconnaissance, debug code, and burrow deeper into victim networks through techniques such as lateral movement, privilege escalation, data exfiltration, and detection evasion.
Russian APT actors used Google's AI service to research infrastructure and hosting providers, and used Gemini to convert publicly available malware into another programming language and add encryption layers to existing code.
"North Korean actors also used Gemini to draft cover letters and research jobs, activities that would likely support North Korea's efforts to place clandestine IT workers at Western companies," GTIG noted.
"One North Korea-backed group used Gemini to draft cover letters and job descriptions, conduct job analysis, and inquire about jobs on LinkedIn. Gemini was also used to provide group members with information about overseas employee exchanges. Many of the topics would be common for anyone researching and applying for jobs."
The tech giant also said it has observed underground forum posts advertising nefarious versions of LLMs (large language models) that generate responses without any safety or ethical restrictions.
Examples include WormGPT, WolfGPT, EscapeGPT, FraudGPT, and GhostGPT, which are explicitly designed to craft personalized phishing emails, generate templates for business email compromise (BEC) attacks, and design fraudulent websites.
Attempts to misuse Gemini have also revolved around researching topical events, and content creation, translation, and localization as part of information operations mounted by Iran, China, and Russia. In all, APT groups from more than 20 countries used Gemini.
Google further stressed the need for increased public-private collaboration to strengthen cyber defenses and disrupt threats, stating that "American industry and government need to work together to support our national and economic security."