Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations
Google has revealed that more than 57 state-sponsored hacking groups from China, Iran, North Korea, and Russia are actively using its artificial intelligence technology to enhance their cyber operations.
According to a new report from Google's Threat Intelligence Group (GTIG), these Advanced Persistent Threat (APT) groups are primarily using Google's Gemini AI for research, code development, and content creation tasks. While the AI usage has improved their productivity, it hasn't yet led to breakthrough capabilities.
Iranian threat actors emerged as the most prolific users of Gemini, with APT42 accounting for over 30% of Iran's AI usage. This group has been using the technology to design phishing campaigns and gather intelligence on defense organizations.
Chinese state-backed groups focused on using Gemini for network infiltration techniques, including reconnaissance, code troubleshooting, and developing methods for lateral movement within compromised systems. Russian actors mainly used the AI to modify existing malware and enhance code encryption.
North Korean hackers showed a unique pattern, using Gemini to research job opportunities and draft cover letters, activity that potentially supports efforts to place covert IT workers in Western companies. They also used the AI to research infrastructure and hosting providers.
The report highlighted concerns about underground forums advertising modified versions of large language models (LLMs) specifically designed for malicious purposes. These unauthorized variants, including WormGPT and FraudGPT, are being marketed for creating sophisticated phishing emails and fraudulent websites without ethical restrictions.
In response to these threats, Google announced it is strengthening its defenses against AI misuse and called for increased collaboration between private industry and government to enhance cybersecurity measures.
The findings underscore the growing intersection of artificial intelligence and cyber threats, with state-sponsored actors from over 20 countries leveraging AI tools for various malicious activities.