Nation-State Hackers Exploit Google's Gemini for Malicious Cyber Activities
Russian and other nation-state threat actors are exploiting Gemini, Google's generative AI tool, for malicious cyber activities. These groups are using the tool to enhance their malware, increase operational speed, and conduct reconnaissance.
Gemini's large language model is being abused by various state-sponsored groups, including those from Russia, China, North Korea, and Iran. Russian actors make only limited use of it, for rewriting malware and adding encryption. Chinese groups employ it for reconnaissance, compromise assistance, and post-compromise activities. North Korean actors use it for research, IT worker schemes, and initial target reconnaissance. Iranian actors, notably APT42, use it extensively for reconnaissance and crafting phishing emails in multiple languages.
Threat actors are leveraging generative AI to move faster and operate at a higher volume. They use Gemini for tasks such as research, vulnerability exploitation, malware development, and creating localized content like phishing emails. However, attempts to bypass Gemini's safety controls have failed, with the tool declining to follow threat actors' instructions.
Gemini, Google's generative AI tool, is being misused by nation-state threat actors for various malicious cyber activities. As new AI models and agentic systems emerge, threat actors are expected to evolve their use of AI. Cybersecurity experts urge vigilance and continued monitoring of AI tools to prevent further abuse.