Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access


Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.

Source: Google Threat Intelligence Group



