Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019
November 29, 2021
This February, during our hunting efforts for threat actors using VBS/VBA implants, Kaspersky researchers came across MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant. The implant itself is a VBS script with functionality to collect system information and execute arbitrary code sent by the attackers on the ...
- Wind turbine maker Vestas confirms recent security incident was ransomware
November 29, 2021
Wind turbine maker Vestas says “almost all” of its IT systems are finally up and running 10 days after a security attack by criminals, confirming that it had indeed fallen victim to ransomware. Alarm bells rang the weekend before last when the Danish organisation said it had identified a “cyber security incident” and closed off parts ...
- IKEA email systems hit by ongoing cyberattack
November 26, 2021
IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails. A reply-chain email attack is when threat actors steal legitimate corporate email and then reply to them with links to malicious documents that install malware on recipients’ devices. As the reply-chain emails are legitimate emails from a ...
- RATDispenser downloader delivers a ‘silent threat’ that wants to steal your passwords
November 26, 2021
Cyber criminals are using a new JavaScript downloader to distribute eight different kinds of remote access Trojan (RAT) malware and information-stealing malware in order to gain backdoor control of infected Windows systems, as well as steal usernames, passwords and other sensitive data. The downloader has been detailed by cybersecurity researchers at HP Wolf Security, who’ve called ...
- IT threat evolution Q3 2021
November 26, 2021
Last March, Kaspersky researchers reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this threat actor in spring 2021, they discovered a newer version. It contains the C++ Milum Trojan, a corresponding VBScript variant and a set of modules that include an orchestrator and three plugins. This confirms Kaspersky previous assumption ...
- BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
November 25, 2021
We continue monitoring the campaigns using information stealer BazarLoader (detected by Trend Micro as TrojanSpy.Win64.BAZARLOADER, TrojanSpy.Win64.BAZARLOADER, and Backdoor.Win64.BAZARLOADER). While InfoSec forums have noted the spike in detections during the third quarter, we noticed two new arrival mechanisms included in the existing roster of delivery techniques that malicious actors abused for data theft and ransomware. One of ...