Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- SCARLETEEL hackers use advanced cloud skills to steal source code, data
February 28, 2023
An advanced hacking operation dubbed ‘SCARLETEEL’ targets public-facing web apps running in containers to infiltrate cloud services and steal sensitive data. SCARLETEEL was discovered by cybersecurity intelligence firm Sysdig while responding to an incident in one of their customers’ cloud environments. Read more… Source: Bleeping Computer
- RIG Exploit Kit still infects enterprise users via Internet Explorer
February 27, 2023
The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service’s long operational history. By exploiting relatively old Internet Explorer vulnerabilities, RIG EK has been seen distributing various malware families, including Dridex, SmokeLoader, and RaccoonStealer. Read more… Source: Bleeping Computer
- A Deep Dive into the Evolution of Ransomware Part 3
February 27, 2023
Ransomware is an ever-growing problem that has wreaked havoc across a multitude of industries, with astronomical ransom demands leaving businesses and infrastructure feeling powerless. From major hospitals to enterprises – no sector was immune from the impact of ransomware’s widespread infiltration in recent years. Trend Micro researchers discussed what triggers threat actors from changing their business ...
- LastPass: DevOps engineer hacked to steal password vault data in 2022 breach
February 27, 2023
LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data from the Amazon AWS cloud storage servers for over two months. LastPass disclosed a breach in December where threat actors stole partially encrypted password vault data and customer information. Read more… Source: Bleeping Computer
- News Corp says state hackers were on its network for two years
February 24, 2023
Mass media and publishing giant News Corporation (News Corp) says that attackers behind a breach disclosed in 2022 first gained access to its systems two years before, in February 2020. This was revealed in data breach notification letters sent to employees affected by the data breach, who had some of their personal and health information accessed, ...
- Clasiopa: New group targets materials research organization in Asia
February 23, 2023
A hitherto unknown attack group has been observed targeting a materials research organization in Asia. The group, which Symantec calls Clasiopa, is characterized by a distinct toolset, which includes one piece of custom malware (Backdoor.Atharvan). At present, there is no firm evidence on where Clasiopa is based or whom it acts on behalf. The infection vector ...