How AI is Changing the Game for State-Sponsored Hackers
Recent reports reveal that nation-backed hackers are now using advanced artificial intelligence tools to ramp up their cyberattacks. Countries like Iran, North Korea, China, and Russia are leveraging models such as Google’s Gemini to enhance their campaigns. This shift means more sophisticated phishing, malware development, and reconnaissance efforts, making cyber threats more targeted and harder to detect.
AI Boosts Reconnaissance and Social Engineering
State-sponsored hackers are using AI to gather intelligence on their targets more effectively. For example, Iranian group APT42 has employed Gemini to improve its reconnaissance activities. They use AI to create convincing email addresses that look official and to craft believable pretexts for contacting targets. The group also develops personas and scenarios that feel natural, using native language phrases to avoid common red flags like poor grammar or awkward syntax.
This AI-driven approach allows them to blend in more seamlessly, making their social engineering attempts more successful. By translating between languages and generating nuanced responses, these hackers can approach defense and government sectors with greater confidence and precision. Similarly, North Korea’s UNC2970 has used AI to profile high-value targets, including cybersecurity and defense companies, gathering details like job roles and salary information. This level of detailed research helps create highly tailored phishing campaigns that appear legitimate, blurring the lines between routine research and malicious reconnaissance.
AI Models at Risk of Theft and Exploitation
Beyond misuse in attacks, there’s a growing concern about AI model theft. Google’s Threat Intelligence Group (GTIG) has observed an increase in attempts to steal proprietary AI models through methods called model extraction or distillation attacks. These involve sending massive numbers of prompts—over 100,000 in some cases—to coax the AI into revealing its reasoning processes.
The goal of these attacks is often to replicate the AI’s capabilities in other languages or for different tasks without permission. While no major attacks on top-tier models have been confirmed, GTIG has identified and disrupted several ongoing efforts. These attempts could lead to the theft of valuable intellectual property and the potential for malicious actors to develop their own versions of powerful AI tools.
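On the defensive side, the high-volume, reasoning-focused prompt pattern described above can be checked for in API usage logs. The following is an added example, not code from the report or from Google; the record shape `(account, timestamp, prompt)`, the marker phrases, the thresholds other than the 100,000 figure, and the account names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed markers of reasoning-eliciting prompts; tune against real traffic.
REASONING_MARKERS = ("step by step", "show your reasoning", "explain your thinking")

def flag_extraction_candidates(records, window=timedelta(hours=24),
                               min_prompts=100_000, min_reasoning_share=0.5):
    """Return {account: (peak_count, reasoning_share)} for accounts whose
    busiest sliding window holds >= min_prompts prompts, of which at least
    min_reasoning_share ask for the model's reasoning."""
    by_account = defaultdict(list)
    for account, ts, prompt in records:
        wants_reasoning = any(m in prompt.lower() for m in REASONING_MARKERS)
        by_account[account].append((ts, wants_reasoning))

    flagged = {}
    for account, events in by_account.items():
        events.sort(key=lambda e: e[0])
        start = 0
        reasoning_in_window = 0
        best = (0, 0.0)
        for end, (ts, wants) in enumerate(events):
            reasoning_in_window += wants
            # Shrink the window from the left until it spans at most `window`.
            while ts - events[start][0] > window:
                reasoning_in_window -= events[start][1]
                start += 1
            count = end - start + 1
            if count > best[0]:
                best = (count, reasoning_in_window / count)
        if best[0] >= min_prompts and best[1] >= min_reasoning_share:
            flagged[account] = best
    return flagged

def sample_records():
    """Constructed sample: one bulk account, one ordinary account."""
    t0 = datetime(2025, 1, 1)
    bulk = [("acct-bulk", t0 + timedelta(seconds=10 * i),
             f"Solve task {i} and show your reasoning step by step")
            for i in range(600)]
    normal = [("acct-normal", t0 + timedelta(hours=3 * i),
               "Summarise this meeting note") for i in range(40)]
    return bulk + normal

if __name__ == "__main__":
    # Threshold scaled down for the sample; the page cites over 100,000 prompts.
    print(flag_extraction_candidates(sample_records(), min_prompts=500))
```

Volume alone also matches legitimate batch workloads, so a flagged account is a lead for review rather than a verdict.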
This new threat landscape shows how AI isn’t just a tool for improving cybersecurity but also a target for misuse and theft. As AI models become more integral to tech development, protecting these assets will be increasingly important for organizations worldwide. The report highlights the need for vigilance and stronger security measures to prevent both direct attacks and intellectual property theft involving advanced AI models.