Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Western Sydney University staff, students caught in cyber attack
May 21, 2024
About 7500 staff and students have been caught up in a massive cyber attack at Western Sydney University. Police are investigating the breach, which the university says dates as far back as May 2023, when an unauthorised party got into the Microsoft Office system and accessed email accounts and SharePoint files. WSU says they have not ...
- Deepfake video conference sees criminals escape with US$25 million
May 20, 2024
In February, a multinational company’s finance team member in Hong Kong made headlines after he transmitted HK$200 million (US$25 million) to cybercriminals who pretended to be the chief financial officer and other colleagues, using deepfake technology, in what the worker thought was a legitimate video conference. Now it’s been revealed that it was UK engineering group ...
- Medusa announced attack on John R. Wood Christie’s International Real Estate group
May 20, 2024
No patron information was compromised in a recent ransomware attack against John R. Wood Christie’s International Real Estate by a cyber gang known as Medusa, according to the company. Medusa announced the attack on its site, claiming it had stolen more than 1 terabyte of Wood data. The gang demanded $2 million from the real estate ...
- Healthcare company WebTPA discloses breach affecting 2.5 million people
May 17, 2024
A Texas-based company that provides health insurance and benefit plans disclosed a data breach affecting almost 2.5 million people, some of whom had their Social Security number stolen. WebTPA said in a data breach notice published earlier this month that the company detected “evidence of suspicious activity” on December 28, 2023, which prompted the company to ...
- Positive Technologies detects a series of attacks via Microsoft Exchange Server
May 17, 2024
While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers. This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 ...
- Springtail: New Linux Backdoor Added to Toolkit
May 16, 2024
Symantec’s Threat Hunter Team has uncovered a new Linux backdoor developed by the North Korean Springtail espionage group (aka Kimsuky) that is linked to malware used in a recent campaign against organizations in South Korea. The backdoor (Linux.Gomir) appears to be a Linux version of the GoBear backdoor, which was used in a recent Springtail campaign ...