Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Toyota finance business confirms ransomware attack, data breach
November 18, 2023
Toyota Financial Services (TFS), a subsidiary of the popular automaker, has confirmed suffering a ransomware attack. In a statement company stated that Toyota Financial Services Europe & Africa “recently identified unauthorized activity on systems in a limited number of its locations.” The company only mentioned unauthorized activity on its endpoints and didn’t discuss if any data ...
- Stately Taurus targets the Philippines as tensions flare in the South Pacific
November 17, 2023
Tensions between China and the Philippines have risen sharply over the past several months. Coinciding with these real-world events, Unit 42 researchers observed three Stately Taurus campaigns during the month of August. These campaigns are assessed to have targeted entities in the South Pacific including the Philippines government. The campaigns leveraged legitimate software including Solid PDF ...
- Into The Trash: Analyzing LitterDrifter
November 17, 2023
Gamaredon, also known as Primitive Bear, ACTINIUM, and Shuckworm, is a unique player in the Russian espionage ecosystem that targets a wide variety of almost exclusively Ukrainian entities. While researchers often struggle to uncover evidence of Russian espionage activities, Gamaredon is notably conspicuous. The group behind it conducts large-scale campaigns while still primarily focusing on regional ...
- Scattered Spider
November 16, 2023
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023. Scattered Spider ...
- Insider Threat: Hunting and Detecting
November 16, 2023
The insider threat is a multifaceted challenge that represents a significant cybersecurity risk to organizations today. Some are malicious insiders such as employees looking to steal data or sabotage the organization. Some are unintentional insiders such as employees who make careless mistakes or fall victim to phishing attacks.Identifying insider threats is becoming increasingly important. Malicious insiders often ...
- Zimbra 0-day used to target international government organizations
November 16, 2023
In June 2023, Google’s Threat Analysis Group (TAG) discovered an in-the-wild 0-day exploit targeting Zimbra Collaboration, an email server many organizations use to host their email. Since discovering the 0-day, now patched as CVE-2023-37580, TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this ...