Summary: State-sponsored groups are exploiting Google’s AI-powered Gemini assistant for various research and productivity tasks, including reconnaissance and developing malicious tools. Google has identified these activities mainly among APT groups from Iran and China, while noting limited engagement from Russian actors. Concerns have also been raised regarding the security measures of other AI models that may be vulnerable to misuse.
Affected: Google, cybersecurity community
Keypoints :
- APT groups from over 20 countries are using Gemini primarily for productivity and reconnaissance.
- Iranian threat actors extensively leveraged Gemini for research and content creation linked to cybersecurity and military technologies.
- Chinese threat actors focused on reconnaissance and scripting tasks related to U.S. military and government organizations.
- North Korean APTs utilized Gemini for multiple attack phases, including job applications under false identities.
- Russian engagement with Gemini was minimal, suggesting a preference for domestic AI tools.
- Attempts to bypass Gemini’s security measures have been noted but were largely unsuccessful.
- Concerns exist regarding the lax security of other AI models that could facilitate malicious use.