The integration of artificial intelligence tools like Google’s Gemini by state-sponsored hackers has become a significant concern, particularly as these actors adapt their tactics in cyberattacks. A report from Google’s Threat Intelligence Group (GTIG) reveals that these hackers, mainly from countries such as Iran, North Korea, China, and Russia, are employing AI throughout various phases of their operations, including reconnaissance and malware development.
APT42, an Iranian hacking group, has been identified as using Gemini to refine its social engineering techniques by creating credible email addresses and narratives to deceive targets. Likewise, the North Korean group UNC2970 has leveraged these AI tools to profile high-value individuals, gathering extensive information about cybersecurity and defense companies. Their methods blur the line between legitimate research and malicious activities, allowing them to craft realistic phishing attempts.
The report also highlights a troubling increase in “distillation attacks,” where hackers attempt to extract intellectual property from AI models. One notable instance involved a campaign with over 100,000 prompts aimed at compromising Gemini's reasoning capabilities, indicating a broader trend of targeting AI for nefarious purposes.