A report from Google’s Threat Intelligence Group reveals that cybercriminals are increasingly using AI Gemini for their illicit activities, with 57 identified hacking groups utilizing the technology. These groups, primarily from countries like China, Iran, North Korea, and Russia, exploit Gemini for various purposes, from creating phishing schemes to refining malicious code. The rise of AI in cybercrime necessitates improved security measures around language models, as Google stresses the importance of collaboration to combat this escalating threat.
AI Gemini: A Tool for Cybercriminals
A recent report from the Google Threat Intelligence Group (GTIG) highlights a concerning trend: numerous hacking collectives are now employing AI Gemini to execute their cyber operations.
Throughout history, whenever a powerful tool emerges, there are those who will repurpose it for harmful intentions. The rise of artificial intelligence, particularly with the widespread adoption of platforms like ChatGPT, quickly attracted the attention of malicious actors, who found alternative applications beyond benign tasks like travel planning or professional correspondence. One alarming use has been in orchestrating cyberattacks.
While AI systems are designed with safeguards, vulnerabilities can be exploited, allowing individuals to manipulate them for forbidden activities. In fact, there are numerous methods hackers can utilize chatbot functionalities to engage in illicit online behavior.
Insights from the GTIG Report
In its latest findings, the GTIG reveals that Gemini, a language model developed by Google, has gained traction among cybercriminals. The group has identified 57 distinct hacking entities globally that are leveraging Gemini for their malicious endeavors. Notably, these are classified as APT (Advanced Persistent Threat) groups, which implies they are often backed by government resources and support.
According to Google, nearly 60 hacking groups are utilizing AI Gemini, primarily from countries such as China, Iran, North Korea, and Russia. The report notes that these groups use AI Gemini to “facilitate their operations” and enhance “productivity,” though they do not appear to be creating “new capabilities.”
Different nations exploit AI Gemini in various ways. For instance, Iranian hackers, who are the largest users of Gemini, employ it to craft sophisticated phishing schemes, pinpoint cybersecurity professionals, and generate relevant content. Conversely, China focuses on refining malicious code and researching stealthy infiltration tactics for computer systems. Russian hackers primarily utilize Gemini for translating publicly available malware into different programming languages and reinforcing encryption on existing codes.
North Korean hackers, intriguingly, request Gemini’s assistance in crafting cover letters for job applications. Their actual aim is to embed spies within Western corporations. This strategy includes gathering average salary data for specific roles and probing LinkedIn for employee exchange information.
The Rising Threat of AI in Cybercrime
Artificial intelligence is proving to be an invaluable asset for cybercriminals. While Google points to Gemini as an example, the issue extends beyond a single model. The company has observed a surge in advertisements for overtly fraudulent AI modifications, known as WormGPT, FraudGPT, or GhostGPT, which facilitate the creation of tailored phishing emails and counterfeit websites.
The GTIG emphasizes the urgent need to enhance security measures around large language models (LLMs) to thwart their misuse for deceitful purposes. Google is actively working to mitigate injection attacks that could manipulate AI systems beyond their intended frameworks. However, the company underscores the necessity of collaboration between industry experts and government entities to establish a more robust defense against this growing threat.