More than 57 state-backed advanced persistent threat groups across 20 countries have made illicit use of Google's generative artificial intelligence chatbot Gemini, according to The Hacker News.
At the forefront of exploiting Gemini for malicious cyber operations were Iranian APTs, particularly APT42, which used the technology to facilitate phishing campaigns and reconnaissance efforts, a report from the Google Threat Intelligence Group revealed.
Chinese APTs also used Gemini to seek reconnaissance techniques, as well as more information on code troubleshooting and network compromise, while North Korean APTs tapped the Google AI chatbot for infrastructure and hosting provider research, as well as for crafting materials for their fake IT worker scheme.
Russian APTs, on the other hand, used Gemini for converting malware to other coding languages and encrypting available code. Additional findings revealed the growing prevalence of trojanized large language models promoted across the dark web, said Google, which has already moved to strengthen defenses against prompt injection attacks as it pushed for deeper public-private partnerships in combating cyber threats.