Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption
March 12, 2024
Ransomware activity remains on an upward trend despite the number of attacks claimed by ransomware actors decreasing by slightly more than 20% in the fourth quarter of 2023. Attackers have continually refined their tactics and proven quick to respond to disruption, finding new ways to infect victims. Analysis of data from ransomware leak sites shows that ...
- Mysterious Werewolf hits defense industry with new RingSpy backdoor
March 12, 2024
The criminal group gains initial access through phishing emails with a compressed executable that unleashes RingSpy, an original remote access backdoor The BI.ZONE Threat Intelligence team has detected a new campaign by Mysterious Werewolf, a cluster that has been active since at least 2023. This time, the adversaries are targeting defense enterprises. To achieve their goals, ...
- VCURMS: A Simple and Functional Weapon
March 12, 2024
Recently, FortiGuard Labs uncovered a phishing campaign that entices users to download a malicious Java downloader with the intention of spreading new VCURMS and STRRAT remote access trojans (RAT). The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware. The attacker attempts ...
- French state services hit by cyberattacks of ‘unprecedented intensity’
March 11, 2024
The latest cyberattack to hit France follows a warning from Attal’s defence adviser just last week that the Olympics games in July and European Parliament elections in June could be “significant targets”. Prime Minister Gabriel Attal’s office said several state bodies were targeted but did not provide details. “Many ministerial services were targeted” from Sunday “using ...
- Russia’s spy service accuses US of trying to meddle in presidential election
March 11, 2024
President Vladimir Putin’s foreign intelligence service on Monday accused the United States of trying to meddle in Russia’s presidential election and said that Washington even had plans to launch a cyber attack on the online voting system. Putin, who is almost certain to win the March 15-17 presidential election, has warned the West that any attempts ...
- Third-Party Breach and Missing MFA Contributed to British Library Cyber-Attack
March 11, 2024
The British Library ransomware attack was likely caused by the compromise of third-party credentials coupled with no multifactor authentication (MFA) in place to stop the attackers, despite previous warnings about these risks. This is according to a British Library report that sheds new light on the October 2023 attack, which shut down digital services and breached ...