More than 57 distinct threat actors with ties to China, Iran, North Korea and Russia have been observed using Google-powered artificial intelligence (AI) technology to further their malicious cyber and information operations.
“Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities,” Google Threat Intelligence Group (GTIG) said in a new report. “Currently, they primarily use AI for research, troubleshooting, and creating and localizing content.”
Government-backed attackers, otherwise known as advanced persistent threat (APT) groups, have sought to use its tools to bolster several stages of the attack cycle, including coding and scripting tasks, payload development, gathering information about potential targets, researching publicly known vulnerabilities, and enabling post-compromise activities such as defense evasion.
Describing Iranian APT actors as “the heaviest users of Gemini,” GTIG said that the hacking crew known as APT42, which accounted for more than 30% of Gemini use by hackers from the country, used its tools to craft phishing campaigns, conduct reconnaissance on defense experts and organizations, and generate content with cybersecurity themes.
APT42, which overlaps with clusters tracked as Charming Kitten and Mint Sandstorm, has a history of orchestrating enhanced social engineering schemes to infiltrate target networks and cloud environments. Last May, Mandiant revealed the threat actor's targeting of Western and Middle Eastern NGOs, media organizations, academia, legal services and activists by posing as journalists and organizers.
The adversarial group was also found researching military and weapons systems, studying strategic trends in China’s defense, and gaining a better understanding of American aerospace systems.
Chinese APT groups were found searching Gemini for ways to conduct reconnaissance, for troubleshooting, and for methods to burrow deep into victim networks through techniques such as lateral movement, privilege escalation, data exfiltration and detection evasion.
While the Russian actors limited their use of Gemini to converting publicly available malware into another coding language and adding encryption layers to existing code, North Korean actors used Google's AI service to research infrastructure and hosting providers.
“It should be noted that North Korean actors also used Gemini to draft cover letters and research jobs, activities that are likely tied to IT workers at Western companies,” GTIG said.
“One North Korea-backed group used Gemini to draft cover letters and proposals for job descriptions, researched average salaries for specific jobs, and asked about jobs on LinkedIn. The group also used Gemini to seek information about foreign exchanges. Many of the topics would be common for anyone researching and applying for jobs.”
The tech giant further noted that it has seen underground forum posts advertising versions of large language models (LLMs) that are capable of generating responses without any safety or ethical restrictions.
Examples of such tools include WormGPT, WolfGPT, EscapeGPT, FraudGPT and GhostGPT, which are explicitly designed to craft personalized phishing emails, generate templates for business email compromise (BEC) attacks, and design fraudulent websites.
Attempts to misuse Gemini have also revolved around research into current events and content creation, translation and localization as part of influence operations mounted by Iran, China and Russia. Overall, APT groups from more than 20 countries used Gemini.
Google, which said it is “actively deploying defenses” to counter prompt injection attacks, further emphasized the need for increased public-private cooperation to strengthen cyber defenses and disrupt threats, saying that “the American industry and the government need to work together to support our national and economic security.”