Date: 2025-02-04

Google has reported that dozens of cybercriminal organizations from countries including North Korea and China are misusing its Gemini AI platform to enhance their cyberattacks.

TechRadar reports that in a recent in-depth analysis, Google’s Threat Intelligence Group has revealed that cybercriminals from various countries, including Iran, North Korea, Russia, and China, are exploiting the company’s AI solution, Gemini, to bolster their malicious activities. The report highlights how these threat actors are utilizing the platform to refine their existing attack methods, although they have not yet discovered novel capabilities.

According to Google’s findings, the cybercriminals are primarily using Gemini for reconnaissance, vulnerability research, scripting and development, translation and explanation, and deeper system access and post-compromise actions. The company observed a total of 57 groups abusing the platform, with more than 20 originating from China.

Among the North Korean threat actors using Gemini, APT42 stood out as a significant player, accounting for over 30 percent of the country’s threat actor activity on the platform. Google noted that APT42’s Gemini usage reflected the group’s emphasis on crafting successful phishing campaigns. The group employed Gemini to conduct reconnaissance on individual policy and defense experts, as well as organizations of interest.

Additionally, APT42 leveraged Gemini’s text generation and editing capabilities to create phishing messages, particularly targeting US defense organizations. The group also utilized Gemini for translation and localization purposes, tailoring content to local culture and language.

Since the launch of ChatGPT, security researchers have been cautioning about the potential abuse of AI in cybercrime. Previously, one of the most effective ways to identify phishing attacks was to look for spelling and grammar errors, as well as inconsistent wording. However, with AI now handling the writing and editing, this method has become nearly obsolete, forcing security professionals to develop new approaches to combat these threats.

Google’s report serves as a reminder of the growing sophistication of cybercriminals and their ability to adapt and exploit emerging technologies for their malicious purposes. As AI continues to advance, it is crucial for organizations and individuals to remain vigilant and proactive in their cybersecurity efforts. This includes staying informed about the latest threats, implementing robust security measures, and educating employees about the risks associated with phishing and other social engineering tactics.

