TZUTC: -0500   
   MSGID: 36.consprcy@1:2320/105 2c0227fa   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Google says Gemini is being misused to launch major cyberattacks   
      
   Date:   
   Fri, 31 Jan 2025 12:04:00 +0000   
      
   Description:   
   GenAI is being used by crooks to craft phishing attacks, write malware code,   
   and more, Google reveals.   
      
   FULL STORY   
      
   Dozens of cybercriminal organizations from all around the world are abusing   
   Googles Artificial Intelligence (AI) solution Gemini in their attacks, the   
   company has admitted.    
      
   In an in-depth analysis discussing who the threat actors are, and what theyre   
   using the tools for, Googles Threat Intelligence Group highlighted how the   
   platform has not yet been used to discover new attack methods, but is rather   
   used to fine-tune existing ones.    
      
   Threat actors are experimenting with Gemini to enable their operations,   
   finding productivity gains but not yet developing novel capabilities, the    
   team said in its analysis. At present, they primarily use AI for research,   
   troubleshooting code, and creating and localizing content. APT42 and many   
   other threats    
      
   The biggest Gemini users among cybercriminals are the Iranians, Russians, the   
   Chinese, and North Koreans, who utilize the platform for reconnaissance,   
   vulnerability research, scripting and development, translation and   
   explanation, and deeper system access and post-compromise actions.    
      
   In total, Google observed 57 groups, more than 20 of which were from China,   
   and among the 10+ North Korean threat actors using Gemini, one group stands   
   out - APT42.    
      
   Over 30% of threat actor Gemini use from the country was linked to APT42,   
   Google said. APT42's Gemini activity reflected the group's focus on crafting   
   successful phishing campaigns. We observed the group using Gemini to conduct   
   reconnaissance into individual policy and defense experts, as well as   
   organizations of interest for the group.    
      
   APT42 also used text generation and editing capabilities to craft phishing   
   messages, particularly those targeting US defense organizations. APT42 also   
   utilized Gemini for translation including localization, or tailoring content   
   for a local audience. This includes content tailored to local culture and   
   local language, such as asking for translations to be in fluent English.    
      
   Ever since ChatGPT was first published, security researchers have been    
   warning about the abuse in cybercrime. Before GenAI, the best way to spot   
   phishing attacks was to look for spelling and grammar errors, and    
   inconsistent wording. Now, with AI doing the writing and the editing, the   
   method practically no longer works, and security pros are turning to new   
   approaches.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/google-says-gemini-is-being-misused-to-   
   launch-major-cyberattacks   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426