North Korea is already using Gemini to hack computers around the world
A North Korean hacker group known as UNC2970 has begun using Google’s Gemini artificial intelligence model to carry out reconnaissance and cyberattack activities. This behavior has been documented in a report from the Google Threat Intelligence Group (GTIG), which highlights a concerning intersection between professional research and malicious activities in the field of cybersecurity.
AI is fine, man
According to reports, UNC2970 has focused on companies in the cybersecurity and defense sector, resorting to open-source intelligence (OSINT) to profile high-value targets and prepare specific phishing campaigns. The group uses Gemini to map technical roles and their salaries, creating profiles that facilitate the design of targeted attacks.
Researchers have identified new types of malware that use Gemini, such as HONESTCUE, a framework that allows attackers to generate additional functionality code, and COINBAIT, a phishing kit designed to masquerade as a cryptocurrency exchange, aimed at collecting credentials. HONESTCUE, for its part, operates by using the Gemini API to receive source code in C#, which is executed in memory, leaving few traces on the target system.
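For defenders, the HONESTCUE behaviour described above suggests a hunting correlation: a process that is not expected to use the Gemini API contacts it and then compiles C# at run time. The sketch below is an added example, not code from GTIG or the article; the event schema, host names, paths, allowlist, time window and the two compilation indicators (a `csc.exe` child process or a Roslyn module load) are assumptions, since the page does not say how the sample compiles its code.

```python
from datetime import datetime, timedelta

GEMINI_API_HOST = "generativelanguage.googleapis.com"
# Assumption: run-time C# compilation surfaces as a csc.exe child or a Roslyn module load.
COMPILE_INDICATORS = {"csc.exe", "microsoft.codeanalysis.csharp.dll"}
# Assumption: site-specific allowlist of software expected to call the API.
ALLOWED_IMAGES = {r"c:\program files\google\chrome\application\chrome.exe"}
WINDOW = timedelta(minutes=5)

# Constructed sample telemetry (hypothetical hosts, paths and schema).
# For "child" and "module" events, pid/image describe the parent or loading process.
EVENTS = [
    {"ts": "2025-01-10T09:00:00", "host": "WS-031", "pid": 5120,
     "image": r"C:\Tools\notes.exe", "kind": "net", "target": GEMINI_API_HOST},
    {"ts": "2025-01-10T09:30:00", "host": "WS-031", "pid": 5120,
     "image": r"C:\Tools\notes.exe", "kind": "module",
     "target": r"C:\Tools\Microsoft.CodeAnalysis.CSharp.dll"},
    {"ts": "2025-01-10T10:00:05", "host": "WS-014", "pid": 4112,
     "image": r"C:\Users\a\AppData\Local\Temp\updater.exe", "kind": "net",
     "target": GEMINI_API_HOST},
    {"ts": "2025-01-10T10:00:09", "host": "WS-014", "pid": 4112,
     "image": r"C:\Users\a\AppData\Local\Temp\updater.exe", "kind": "child",
     "target": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"},
    {"ts": "2025-01-10T10:01:00", "host": "WS-020", "pid": 880,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "kind": "net", "target": GEMINI_API_HOST},
    {"ts": "2025-01-10T10:02:00", "host": "BUILD-01", "pid": 2300,
     "image": r"C:\BuildTools\MSBuild.exe", "kind": "child",
     "target": r"C:\BuildTools\Roslyn\csc.exe"},
]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_llm_compile_chains(events, window=WINDOW):
    """Return (host, pid, image) for non-allowlisted processes that contact
    the Gemini API and show a C# compilation indicator within `window`."""
    last_api_call, hits = {}, []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        key, ts = (ev["host"], ev["pid"]), datetime.fromisoformat(ev["ts"])
        if ev["kind"] == "net" and ev["target"].lower() == GEMINI_API_HOST:
            if ev["image"].lower() not in ALLOWED_IMAGES:
                last_api_call[key] = ts
        elif ev["kind"] in ("child", "module") and basename(ev["target"]) in COMPILE_INDICATORS:
            seen = last_api_call.get(key)
            hit = (ev["host"], ev["pid"], ev["image"])
            if seen is not None and ts - seen <= window and hit not in hits:
                hits.append(hit)
    return hits
```

On the constructed events only the WS-014 process is flagged: the browser is allowlisted, the build server compiles without calling the API, and the WS-031 module load falls outside the five-minute window.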
Additionally, ClickFix campaigns have been detected that present AI-generated instructions for solving common computer problems but ultimately distribute malware designed to steal information. Experts warn that it is a serious mistake to assume that keeping the model weights private is enough protection: gathering information through queries can result in the replication of the model’s original behavior.
Google has taken steps to disrupt these attacks and has highlighted the growing risk posed by hacker groups that use tools like Gemini to accelerate the phases of the cyber attack cycle. As technology advances, so do the tactics of those looking to exploit it.
Author: Jesús Bosque
I’m a journalist with more than 30 years of experience in video games and technology. Although my specialty has always been video games, I’ve recently started enjoying exploring the intricacies of project-management tools like Asana, as well as automations with Make.com and N8N.