Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
Briefly

"Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks. 'The group used Gemini to synthesize OSINT and profile high-value targets to support campaign planning and reconnaissance,'"
"The tech giant's threat intelligence team characterized this activity as a blurring of boundaries between what constitutes routine professional research and malicious reconnaissance, allowing the state-backed actor to craft tailored phishing personas and identify soft targets for initial compromise. UNC2970 is the moniker assigned to a North Korean hacking group that overlaps with a cluster that's tracked as Lazarus Group, Diamond Sleet, and Hidden Cobra."
Google observed UNC2970 leveraging the Gemini generative AI model to perform reconnaissance and synthesize OSINT for campaign planning. Target profiling included searches on major cybersecurity and defense companies and mapping specific technical job roles and salary information. The activity blurred boundaries between routine professional research and malicious reconnaissance, enabling tailored phishing personas and identification of soft targets for initial compromise. UNC2970 overlaps with clusters tracked as Lazarus Group, Diamond Sleet, and Hidden Cobra and has run long campaigns using job-offer lures such as Operation Dream Job. Multiple threat actors have weaponized Gemini for faster targeting, information operations, and model extraction attacks.
Read at The Hacker News