State-Sponsored Hackers Exploit Google’s Gemini AI for Cyber Operations

Google's Threat Intelligence Group (GTIG) has identified government-backed APT groups from over 20 countries, including Iran, China, North Korea, and Russia, experimenting with its Gemini AI assistant. These groups primarily use Gemini for productivity boosts, such as coding assistance, vulnerability research, reconnaissance, and developing attack strategies, rather than for creating advanced AI-driven cyber threats.

Iranian and Chinese threat actors are the most active users, leveraging Gemini for tasks ranging from reconnaissance on military organizations to privilege escalation techniques and security tool analysis. North Korean actors use it to draft job applications in support of illicit IT worker schemes, while Russian actors mainly focus on scripting and payload development.

Despite attempts by hackers to bypass Gemini’s security using public jailbreaks, Google reports these efforts have been unsuccessful. However, concerns persist as less secure AI models, like DeepSeek R1 and Qwen 2.5, remain vulnerable to abuse. This growing misuse underscores the cybersecurity risks tied to generative AI technologies.
