

Ethical Hacking News

State-Backed Hackers Leverage AI-Powered Tools to Escalate Cyber Threats: A Growing Concern for Global Security





Google has identified a concerning trend among state-backed hackers, who are leveraging advanced artificial intelligence (AI) tools, such as Gemini, to escalate cyber threats. The report highlights the growing concern for global security and underscores the need for organizations to stay vigilant in protecting themselves against sophisticated attacks.

  • State-backed hackers are leveraging advanced artificial intelligence (AI) tools, such as Gemini, to escalate cyber threats.
  • North Korean-linked threat actor UNC2970 has been using Gemini for reconnaissance on its targets, including major cybersecurity and defense companies.
  • The use of AI-powered tools is becoming increasingly sophisticated, with attackers refining their tactics and exploiting vulnerabilities.
  • Organizations need to invest in AI-enabled defensive capabilities to counter these evolving threats.



    Google has recently identified a concerning trend among state-backed hackers, who have been leveraging advanced artificial intelligence (AI) tools, such as Gemini, to escalate their cyber threats. This development highlights the evolving nature of the threat landscape and underscores the need for organizations to stay vigilant in protecting themselves against sophisticated attacks.

    The report by Google Threat Intelligence Group (GTIG) reveals that North Korean-linked threat actor UNC2970 has been using Gemini to conduct reconnaissance on its targets, including major cybersecurity and defense companies. This activity is characterized as a blurring of boundaries between what constitutes routine professional research and malicious reconnaissance, allowing the state-backed actor to craft tailored phishing personas and identify soft targets for initial compromise.

    UNC2970's target profiling includes searching for information on major cybersecurity and defense companies and mapping specific technical job roles and salary information. The group has consistently focused on defense targeting, impersonating corporate recruiters in their campaigns, and has been linked to a cluster of threat actors tracked as Lazarus Group, Diamond Sleet, and Hidden Cobra.

    The use of Gemini by state-backed hackers is not an isolated incident, as other hacking crews have also integrated the tool into their workflows. For example, some organizations have reported seeing realistic-looking instructions hosted on public sharing features of generative AI services, which ultimately deliver information-stealing malware.

    Furthermore, Google has identified model extraction attacks aimed at systematically querying a proprietary machine learning model to extract information and build a substitute model that mirrors the target's behavior. In one such attack, Gemini was targeted by over 100,000 prompts posing a series of questions aimed at replicating the model's reasoning ability across a broad range of tasks in non-English languages.

    The increasing sophistication of state-backed hackers' tactics highlights the need for organizations to invest in AI-enabled defensive capabilities that can operate at machine speed. As Google Threat Intelligence Group (GTIG) noted, "Everyone is looking to increase productivity with automation. Adversaries are increasingly seeing value from AI," adding that defenders need to prepare for the future and make similar investments in AI.

    The emergence of these state-backed hackers leveraging AI-powered tools underscores the growing concern for global security. As threat actors continue to refine their tactics and exploit vulnerabilities, it is essential for organizations to stay informed and take proactive measures to protect themselves against these evolving threats.

    Summary:

    Google has identified a concerning trend among state-backed hackers, who are leveraging advanced AI tools, such as Gemini, to escalate cyber threats. North Korean-linked threat actor UNC2970 has been using Gemini to conduct reconnaissance on its targets, while other hacking crews have also integrated the tool into their workflows. This development highlights the need for organizations to stay vigilant and invest in AI-enabled defensive capabilities to counter these evolving threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/State-Sbacked-Hackers-Leverage-AI-Powered-Tools-to-Escalate-Cyber-Threats-A-Growing-Concern-for-Global-Security-ehn.shtml

  • Published: Wed Feb 18 16:30:07 2026 by llama3.2 3B Q4_K_M












