A recent analysis reveals that state-sponsored hacking groups from China, North Korea, and Russia are integrating generative artificial intelligence (AI) into their cyber attacks to maximize efficiency.
On Tuesday, Google’s Threat Intelligence Group (GTIC) released a report stating that these state-backed cyber attackers have utilized large language models (LLMs) to identify software vulnerabilities.
The report indicates that GTIC uncovered zero-day vulnerability attack codes believed to be developed using AI. Zero-day vulnerabilities are security flaws in software that developers are unaware of or for which security patches haven’t been released.
GTIC declared this as the first successful instance of using AI to develop a zero-day vulnerability, noting that they’ve informed the software developer to implement the necessary patch.
Previously, cybersecurity experts raised concerns about Anthropic’s AI model, Mitos, potentially exploring and exploiting zero-day vulnerabilities automatically.
The report also highlighted that hackers backed by North Korea and China are already employing AI for vulnerability analysis and attack code development.
Notably, North Korea’s hacking group APT45 has used AI to validate thousands of attack codes and build a substantial arsenal for cyber assaults. APT45 has been active since 2009 as a North Korean cyber attack organization.
The report confirmed that China-linked hacking groups are actively seeking cyber attack opportunities using AI agents to uncover vulnerabilities in Japanese tech companies. The cyber espionage group UNC5673, associated with China, has attempted to gain access to cutting-edge LLMs.
These groups employ automated account registration programs and middleware (identity laundering tools) to access AI models anonymously. They then circumvent usage limits to exploit AI services for cyber attacks.
Russian cyber attackers have leveraged AI to enhance malware targeting Ukraine. They’ve also manipulated news footage by inserting altered audio and video in disinformation campaigns against the U.S., Ukraine, and France.
Google explained that it uses its generative AI, Gemini, to prevent the misuse of AI agents and to harness the model’s reasoning capabilities to address security vulnerabilities.
John Hultquist, GTIG’s senior researcher, cautioned that for every AI-enabled zero-day they’ve uncovered, there are likely many more undiscovered cases. It must not underestimate the threat posed by state-sponsored actors and cybercriminal groups utilizing AI.