Nation-State Hackers Abuse Gemini AI Tool

The Google Threat Intelligence Group (GTIG) reported that it has not observed any significant or persistent efforts by nation-state threat actors to exploit AI-specific threats such as prompt attacks. Instead, AI tools like Gemini have mainly been used to enhance productivity. While there have been limited attempts to bypass Gemini’s safety controls using jailbreak prompts, these efforts failed due to Gemini’s built-in safeguards. However, GTIG researchers noted that generative AI enables cyber threat actors to operate at higher speed and scale. As AI continues to evolve, GTIG expects adversaries to adapt and refine their tactics.

Key Insights:

1. Limited Success in AI Exploitation:

   • GTIG has not observed sustained or effective nation-state attacks leveraging AI-specific threats. Gemini’s safety measures have successfully blocked known jailbreak attempts.

2. Iranian APTs Leading AI Misuse:

   • Iranian APT groups, particularly APT42, used Gemini for reconnaissance on defense experts, foreign governments, and dissidents. They also leveraged AI for phishing, translation, and research into known vulnerabilities.

3. Chinese and North Korean Actors Using AI for Cyber Operations:

   • Chinese APTs focused on reconnaissance of US military and IT firms, using Gemini for scripting, malware development, and post-compromise actions like privilege escalation.

   • North Korean actors used Gemini for reconnaissance, job fraud schemes, and researching Google service compromises.

4. Russian Actors Less Reliant on Western AI Tools:

   • Russian nation-state groups used Gemini minimally, mainly for malware obfuscation. They likely avoid Western AI platforms due to monitoring risks and prefer locally hosted or Russian-developed LLMs.

Click to read more from: Infosecurity-Magazine