"A Chinese government hacking group that has been sanctioned for targeting America's critical infrastructure used Google's AI chatbot, Gemini, to auto-analyze vulnerabilities and plan cyberattacks against US organizations, the company says. While there's no indication that any of these attacks were successful, "APT groups like this continue to experiment with adopting AI to support semi-autonomous offensive operations," Google Threat Intelligence Group chief analyst John Hultquist told The Register. "We anticipate that China-based actors in particular will continue to build agentic approaches for cyber offensive scale.""
"In the threat-intel group's most recent AI Threat Tracker report, released on Thursday and shared with The Register in advance, Google attributes this activity to APT31, a Beijing-backed crew also known as Violet Typhoon, Zirconium, and Judgment Panda. This goon squad was one of many exploiting a series of Microsoft SharePoint bugs over the summer, and in March 2024, the US issued sanctions against and criminally charged seven APT31 members accused of breaking into computer networks, email accounts, and cloud storage belonging to numerous high-value targets."
"The most recent attempts by APT31 to use Google's Gemini AI tool happened late last year, we're told. "APT31 employed a highly structured approach by prompting Gemini with an expert cybersecurity persona to automate the analysis of vulnerabilities and generate targeted testing plans," according to the report. In one case, the China-based gang used Hexstrike, an open source, red-teaming tool built on the Model Context Protocol (MCP) to analyze various exploits - including remote code execution, web application firewall (WAF) bypass techniques, and SQL injection - "against specific US-based targets," the Googlers wrote."
A Chinese government-affiliated hacking group sanctioned for targeting American critical infrastructure used Google's Gemini AI chatbot to automate vulnerability analysis and plan targeted cyberattacks against US organizations. There is no indication that the attempts succeeded. Google Threat Intelligence linked the activity to APT31 (also called Violet Typhoon, Zirconium, and Judgment Panda), which exploited Microsoft SharePoint bugs and faced US sanctions and criminal charges in March 2024. APT31 prompted Gemini with an expert cybersecurity persona to generate targeted testing plans and used Hexstrike, an open-source red-teaming tool built on the Model Context Protocol, to analyze exploits such as RCE, WAF bypass, and SQL injection. Google warns that China-based actors are likely to continue developing agentic, semi-autonomous offensive cyber capabilities.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]