The Hacker News reports that multiple state-sponsored threat operations have been exploiting Google Gemini to facilitate accelerated cyber intrusions.Gemini has been harnessed by North Korean cyberespionage group UNC2970, which overlaps with the Lazarus Group hacking collective, for rapid open-source intelligence synthesization and high-value target profiling, according to a report from the Google Threat Intelligence Group. Chinese state-backed hacking groups Mustang Panda, Judgment Panda, APT41, and UNC795 were also observed to have abused Gemini for data gathering on targets, automated vulnerability analysis, exploit code debugging, and web shell development, respectively.On the other hand, Iranian threat operation APT42 and the unattributed UNC6418 hacking group leveraged Google's AI assistant for social engineering and targeting intelligence collection activities, respectively. GTIG researchers also discovered that the newly emergent HONESTCUE malware has been using Gemini API to facilitate compromise."...[R]ather than leveraging an LLM to update itself, HONESTCUE calls the Gemini API to generate code that operates the 'stage two' functionality, which downloads and executes another piece of malware," said the report.
AI/ML, Threat Intelligence
Google Gemini weaponized in state-sponsored attacks

An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



