AI-Powered Cyber Threats: Google's Research Reveals Sophisticated Tactics

Read AI-Powered Cyber Threats: Google's Research Reveals Sophisticated Tactics on WALY Radio

AI-Powered Cyber Threats: Google's Research Reveals Sophisticated Tactics

Threat actors are increasingly using AI tools in sophisticated ways for cyber operations, as highlighted in new research by Google. Large language model (LLM) tools have enabled threat actors to craft phishing lures, code malware, conduct reconnaissance, and even perform vulnerability research and exploit development. Google's Threat Intelligence Group (GTIG) has identified threat actors using AI to develop zero-day exploits, with one instance involving a Python script to bypass two-factor authentication on a popular web-based system administration tool.

GTIG has observed threat actors associated with China and North Korea leveraging LLMs for vulnerability research. Chinese actor UNC2814 used AI to conduct vulnerability research on embedded devices, while North Korean actor Silent Chollima, also known as APT45, utilized AI to analyze CVEs and validate PoC exploits. Additionally, threat actors have trained on a vulnerability repository called "wooyun-legacy" and experimented with agentic tools like OpenClaw and OneClaw for vulnerability research.

One notable use case detailed in the report involves the Android backdoor malware family "PromptSpy," which uses AI to ensure the malicious app remains undetected in the "recent apps" list. The backdoor also uses AI to navigate the Android user interface and interpret real-time user activity, such as capturing biometric data for authentication gestures. Threat actors are also using agentic workflows to operationalize autonomous frameworks for executing multi-stage security tasks, as seen in attacks against Japanese and East Asian targets.

The report highlights a shift towards AI-driven frameworks that can scale discovery activities with minimal human oversight, indicating a move from human-focused operations to campaigns where AI plays a more central role. This trend aligns with the evolution of AI in the defender space, where organizations are increasingly relying on AI orchestrators for decision-making, with humans intervening only when necessary. The use of AI by threat actors underscores the need for continued vigilance and innovation in cybersecurity to counter evolving threats effectively.