Hackers from Iran, China, and North Korea have been making use of Google’s Gemini chatbot to enhance their cyber operations, as revealed by a recent report from Google’s Threat Intelligence Group (GTIG). The report indicates that while the AI tool is helping hackers increase their productivity, it has not yet resulted in any significant advancements in their capabilities.
According to GTIG, government-backed attackers have been trying to leverage Gemini for a range of activities, including coding and scripting tasks, gathering intelligence on potential targets, exploring publicly known vulnerabilities, and facilitating post-compromise actions such as evading detection in a target environment. The report highlights that these hackers are employing Gemini for various purposes such as code generation, target research, and vulnerability identification. Furthermore, disinformation promoters are also utilizing the chatbot for creating fake online personas, translation, and crafting persuasive messages.
The report specifically identifies Iranian hackers as the most active users of Gemini, utilizing the tool for carrying out phishing campaigns and reconnaissance against defense experts and organizations. On the other hand, Chinese hackers are predominantly using Gemini for code troubleshooting and gaining deeper access to target networks, focusing on activities such as lateral movement, privilege escalation, data exfiltration, and evasion of detection.
North Korean actors have been observed using Gemini to create fake cover letters and research remote IT job opportunities in Western companies as part of a potential infiltration scheme. Additionally, they have been using the chatbot to explore topics of strategic interest to the North Korean government, such as the South Korean military and cryptocurrency. As for Russian hackers, they have been described as limited users of Gemini during the analysis period, concentrating on coding tasks like converting publicly available malware into another coding language and adding encryption functions to existing code. Google notes that there have been no indications of them developing innovative capabilities.
The report underscores the experimental nature of threat actors using Gemini to enhance their operations, noting that while they are finding productivity gains, they have not yet developed novel capabilities. Overall, the findings suggest a growing trend among hackers from Iran, China, North Korea, and Russia in leveraging AI technologies like Gemini to advance their cyber activities.
In conclusion, the use of AI-powered tools like Gemini chatbot by hackers raises concerns about the evolving landscape of cyber threats and the need for robust defenses to safeguard against malicious activities. With threat actors constantly exploring new technologies for their advantage, it becomes crucial for organizations and cybersecurity experts to stay vigilant and adapt their strategies to counter emerging threats effectively.