Actors from Iran, China, North Korea, and Russia attempted to use AI tools like Gemini to support various phases of cyberattacks, including: Reconnaissance, Weaponization & Exploitation.
State-backed influence operations used Gemini for: Generating deceptive content, Translation and localization & Optimizing reach.
Question for GPT-4o: Please read the blog post “Adversarial Misuse of Generative AI” authored by Google’s Threat Intelligence Group and list and rank all the issues they have identified starting with the most damaging one.
ChatGPT-4o’s answer:
Here is a ranked list of the issues identified in the "Adversarial Misuse of Generative AI" report by Google's Threat Intelligence Group (GTIG), starting with the most damaging:
1. Advanced Persistent Threat (APT) Actors Using AI for Cyberattacks
APT actors, particularly from Iran, China, North Korea, and Russia, attempted to use AI tools like Gemini to support various phases of cyberattacks, including:
- Reconnaissance: Gathering information about targets, such as defense organizations, government networks, and military operations.
- Weaponization: Developing or modifying malicious scripts, payloads, and exploits.
- Exploitation: Researching known vulnerabilities and attack techniques.
- Post-compromise Actions: Evasion techniques, data exfiltration, and persistence within compromised networks.
Most Damaging Cases:
- Iranian APT actors: Conducted extensive reconnaissance on defense experts and organizations, researched vulnerabilities, and created content to facilitate phishing campaigns.
- Chinese APT actors: Focused on lateral movement, privilege escalation, and evading detection, targeting US military and intelligence organizations.
- North Korean APT actors: Used AI to support hacking, espionage, and clandestine IT worker schemes, including drafting fraudulent job applications.
- Russian APT actors: Engaged in malware development and cryptographic obfuscation but had relatively limited engagement with Gemini.
2. Information Operations (IO) Actors Using AI for Propaganda and Disinformation
State-backed influence operations (Iran, China, Russia) used Gemini for:
- Generating deceptive content: Articles, social media posts, and biased narratives.
- Translation and localization: Tailoring propaganda for different audiences.
- Optimizing reach: Using SEO techniques, social media strategies, and campaign planning.
Most Damaging Cases:
- Iran-linked IO actors: Generated manipulated content, social media engagement strategies, and politically motivated misinformation.
- China-linked IO actors (DRAGONBRIDGE): Conducted extensive research on global political issues and used AI to generate influence content supporting Chinese strategic goals.
- Russia-linked IO actors (KRYMSKYBRIDGE, Doppelganger, CopyCop): Focused on narrative manipulation, translation of misleading information, and research on AI-driven chatbots for propaganda.
3. AI-Enabled Cybercrime and Financially Motivated Actors
Underground cybercriminals are selling jailbroken LLMs (e.g., FraudGPT, WormGPT) to enable malware development, phishing campaigns, and fraud.
AI-assisted Business Email Compromise (BEC) scams were observed, leveraging deepfake video and voice content to defraud companies.
4. Attempted AI Jailbreaking and Model Exploitation
Some APT actors tried to jailbreak Gemini using publicly available prompts to generate malware or phishing content.
North Korean APT actors attempted to extract internal system details from Gemini (e.g., IP addresses, kernel versions, and network configurations), but these efforts were unsuccessful.
5. AI for Low-Skill Cyber Threat Actors
While AI does not yet enable novel cyberattack techniques, it significantly boosts efficiency for less-skilled threat actors, allowing them to:
- Generate phishing emails and malware more quickly.
- Improve their scripting, automation, and reconnaissance efforts.
- Leverage LLMs for debugging, translation, and strategic planning.
Conclusion
Although AI has not yet revolutionized cyberattacks, state-backed APTs and cybercriminals are leveraging generative AI to streamline their operations and increase efficiency. Governments, the private sector, and AI developers must continue enhancing security frameworks (e.g., Google’s Secure AI Framework - SAIF) to mitigate misuse risks.
