Source |
Techworm |
Identifier |
8645260 |
Publication date |
2025-01-31 19:21:04 (vue: 2025-01-31 13:53:39) |
Title |
Hackers From China, North Korea, Iran & Russia Are Using Google’s AI For Cyber Ops |
Text |
Google's Threat Intelligence Group (GTIG) has issued a warning that state-backed hackers from China, Iran, Russia, North Korea and over a dozen other countries are using its artificial intelligence (AI) application, Gemini, to boost their hacking capabilities.
According to Google's TIG report, published on Wednesday, state-sponsored hackers have been using the Gemini chatbot to improve their productivity in cyber espionage, phishing campaigns, and other malicious activities.
Google examined Gemini activity linked to known APT (Advanced Persistent Threat) actors and discovered that APT groups from over twenty countries have been using large language models (LLMs) primarily for research, target reconnaissance, the development of malicious code, and the creation and localization of content like phishing emails.
In other words, these hackers seem to use Gemini primarily as a research tool to enhance their existing operations rather than to develop entirely new hacking methods.
Currently, no hacker has successfully leveraged Gemini to develop entirely new cyberattack methods.
“While AI can be a useful tool for threat actors, it is not yet the gamechanger it is sometimes portrayed to be. While we do see threat actors using generative AI to perform common tasks like troubleshooting, research, and content generation, we do not see indications of them developing novel capabilities,” Google said in its report.
Google tracked this activity to more than ten Iran-backed groups, more than twenty China-backed groups, and nine North Korean-backed groups.
For instance, Iranian threat actors were the biggest users of Gemini, using it for a wide range of purposes, including research on defense organizations, vulnerability research, and creating content for campaigns.
In particular, the group APT42 (which accounted for over 30% of Iranian APT actors) focused on crafting phishing campaigns to target government agencies and corporations, conducting reconnaissance on defense experts and organizations, and generating content with cybersecurity themes.
Chinese APT groups primarily used Gemini to conduct reconnaissance, to script, develop and troubleshoot code, and to research how to obtain deeper access to target networks through lateral movement, privilege escalation, data exfiltration, and detection evasion.
North Korean APT hackers were observed using Gemini to support multiple phases of the attack lifecycle, including researching potential infrastructure and free hosting providers, reconnaissance on target organizations, payload development, and help with malicious scripting and evasion methods.
“Of note, North Korean actors also used Gemini to draft cover letters and research jobs, activities that would likely support North Korea’s efforts to place clandestine IT workers at Western companies,” the company noted.
“One North Korea-backed group utilized Gemini to draft cover letters and proposals for job descriptions, researched average salaries for specific jobs, and asked about jobs on LinkedIn. The group also used Gemini for information about overseas employee exchanges. Many of the topics would be common for anyone researching and applying for jobs.”
Meanwhile, Russian APT actors demonstrated limited use of Gemini, primarily for coding tasks such as converting publicly available malware into different programming languages and incorporating encryption functions into existing code.
They may have avoided using Gemini for operational security reasons, staying off Western-controlled platforms so that their activities are not monitored, or relying on Russian-made AI tools instead.
Google said the Russian hacking groups’ use of Gemini has been relatively limited, possibly because they attempted to prevent Western platforms from monitoring their activities. |
Notes |
★★★
|
Sent |
Yes |
Tags |
Malware
Tool
Vulnerability
Threat
Legislation
Cloud
|
Stories |
APT 42
|