Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware Redefined: RedEnergy Stealer-as-a-Ransomware attacks
June 21, 2023
Zscaler ThreatLabz has discovered a new malware variant, RedEnergy stealer (not to be confused with the australian company Red Energy) that fits into the hybrid Stealer-as-a-Ransomware threat category. RedEnergy stealer uses a fake update campaign to target multiple industry verticals and possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive ...
- Graphican: Flea uses new backdoor in attacks targeting Foreign Ministries
June 21, 2023
The Flea (aka APT15, Nickel) advanced persistent threat (APT) group continued to focus on foreign ministries in a recent attack campaign that ran from late 2022 into early 2023 in which it leveraged a new backdoor called Backdoor.Graphican. This campaign was primarily focused on foreign affairs ministries in the Americas, although the group also targeted a ...
- Dissecting TriangleDB, a Triangulation spyware implant
June 21, 2023
Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits. Due to this granularity, discovering one exploit in the chain often does not result in retrieving the rest ...
- Microsoft Azure and Outlook outages were caused by DDoS attacks
June 19, 2023
Microsoft has confirmed that outages to its Azure and Outlook services were caused by DDoS attacks, which the company puts down to the threat actor that it tracks as Storm-1359. This follows the tech giant’s new nomenclature for threats, whereby Storm denotes a group that is in development. Otherwise known as Anonymous Sudan, it is said ...
- Whitehall wide open to cyber-attack, warn campaigners
June 18, 2023
Government departments responsible for running health and social care, and for collecting taxes, are using outdated software that leaves them wide open to cyber-attacks, according to a disturbing new investigation. The use of “legacy” servers and databases has been uncovered through freedom of information (FoI) requests from the low-tax pressure group the TaxPayers’ Alliance. It has ...
- Understanding Malware-as-a-Service
June 15, 2023
Money is the root of all evil, including cybercrime. Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. The Malware-as-a-Service (MaaS) business model emerged as a result of ...