Shreyas Reddy
North Korean cybercriminals have stepped up their use of Google’s artificial intelligence (AI) assistant Gemini to supercharge their cryptocurrency theft operations and malware attacks, the U.S. search giant reported Thursday.
In its new “AI Threat Tracker” report, the Google Threat Intelligence Group (GTIG) said North Korean state-sponsored threat actors have continued their “misuse” of generative AI tools to enhance all stages of their operations.
One such group, classified by Google as UNC1069 (also known as MASAN and CryptoCore), used Gemini to research cryptocurrency concepts and locate data related to targets’ virtual currency wallet applications.
This financially motivated cybercrime group has been active since at least 2018, according to the Google-owned cybersecurity firm Mandiant, and some of its activities have previously been tracked as operations carried out by the Pyongyang-backed Lazarus Group.
In Thursday’s report, GTIG highlighted UNC1069’s extensive use of social engineering tactics to steal cryptocurrency, notably through the harvesting of users’ credentials and the use of computer maintenance-related language in phishing lures.
The threat group used Gemini to create lure material and other messages related to cryptocurrency, as well as to overcome language barriers by generating Spanish-language work excuses and requests to reschedule meetings.