AI/ML, Threat Intelligence

Google Gemini weaponized in state-sponsored attacks

The Hacker News reports that multiple state-sponsored threat operations have been exploiting Google Gemini to facilitate accelerated cyber intrusions.

Gemini has been harnessed by North Korean cyberespionage group UNC2970, which overlaps with the Lazarus Group hacking collective, for rapid open-source intelligence synthesization and high-value target profiling, according to a report from the Google Threat Intelligence Group. Chinese state-backed hacking groups Mustang Panda, Judgment Panda, APT41, and UNC795 were also observed to have abused Gemini for data gathering on targets, automated vulnerability analysis, exploit code debugging, and web shell development, respectively.

On the other hand, Iranian threat operation APT42 and the unattributed UNC6418 hacking group leveraged Google's AI assistant for social engineering and targeting intelligence collection activities, respectively. GTIG researchers also discovered that the newly emergent HONESTCUE malware has been using Gemini API to facilitate compromise.

"...[R]ather than leveraging an LLM to update itself, HONESTCUE calls the Gemini API to generate code that operates the 'stage two' functionality, which downloads and executes another piece of malware," said the report.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds