
Google has observed more than 57 different threat actors with ties to China, Iran, North Korea, and Russia using its Gemini artificial intelligence (AI) technology to enable malicious cyber and information operations.
Google Threat Intelligence Group (GTIG) said in a new report that "threat actors have used Gemini to enable their operations but have not yet developed new capabilities." "Currently, they use AI mainly for research, code troubleshooting, content creation, and localization."
Government-backed attackers, known as advanced persistent threat (APT) groups, have used the tool to support multiple phases of the attack cycle: help with coding and scripting tasks, payload development, gathering information on potential targets, researching publicly known vulnerabilities, and enabling post-compromise activities such as defense evasion.

GTIG, which describes Iranian APT actors as "the heaviest users of Gemini," states that the hacking crew known as APT42 accounted for more than 30% of the country's Gemini usage. The group used it to craft phishing campaigns, conduct reconnaissance on defense experts and organizations, and generate content with cybersecurity themes.
APT42, which overlaps with the clusters tracked as Charming Kitten and Mint Sandstorm, has a history of tailoring social engineering schemes to penetrate target networks and cloud environments. In May last year, Mandiant reported that the threat actor had posed as journalists and event organizers to target NGOs, media organizations, academia, legal services, and activists in the West and the Middle East.
The adversary has also been found to research military and weapons systems, study strategic trends in China's defense industry, and seek a better understanding of U.S.-made aerospace systems.
Chinese APT groups have queried Gemini for ways to conduct reconnaissance, troubleshoot code, and dig deeper into victim networks through techniques such as lateral movement, privilege escalation, data exfiltration, and detection evasion.
Russian APT actors have used Gemini in a limited way, to convert publicly available malware into another coding language and to add encryption layers to existing code, while North Korean actors have used the AI service to research infrastructure and hosting providers.
"It is noteworthy that North Korean actors have used Gemini to draft cover letters and research jobs. This supports North Korea's efforts to place covert IT workers in Western companies," GTIG said.
"One North Korea-backed group used Gemini to draft cover letters and proposals for job descriptions, research the average salary for specific jobs, and ask about jobs on LinkedIn. The group also used Gemini for information on overseas employee exchanges."
The tech giant further noted that underground forums have carried advertisements for large language models (LLMs) that can generate responses free of safety and ethical constraints.

Examples of such tools include WormGPT, WolfGPT, EscapeGPT, FraudGPT, and GhostGPT. These are designed to create personalized phishing emails, generate templates for business email compromise (BEC) attacks, and design fraudulent websites.
Attempts to abuse Gemini as part of information operations by Iran, China, and Russia focused mainly on researching local events, content creation, translation, and localization. In all, APT groups from more than 20 countries used Gemini.
Google states that it is "actively developing defenses" against prompt injection attacks, and further emphasizes the need for stronger cyber defenses and public-private collaboration to disrupt threats. "U.S. industry and government need to work together to support economic security."