Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Worldwide Phishing Attacks Ramped Up At the Peak of Working From Home
August 25, 2021
With more and more companies choosing to allow for flexible (hybrid/remote) work environments post-pandemic, we investigated the unique cyberthreats employees working from home face. Palo Alto analysis focused primarily on trends in Palo Alto firewall traffic and phishing pages detected by our URL Filtering service from September 2019 to April 2021. We found that in early ...
- Triada Trojan in WhatsApp mod
August 24, 2021
WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the option of viewing messages that have been deleted by the sender. This ...
- APT41 Resurfaces as Earth Baku With New Cyberespionage Campaign
August 24, 2021
Trend Micro researchers have uncovered a cyberespionage campaign being perpetrated by Earth Baku, an advanced persistent threat (APT) group with a known history of carrying out cyberattacks under the alias APT41. This is not the group’s first foray into cyberespionage, and its long list of past cybercrimes also includes ransomware and cryptocurrency mining attacks. Earth Baku ...
- Ransomware Groups to Watch: Emerging Threats
August 24, 2021
As part of Unit 42’s commitment to stop ransomware attacks, we conduct ransomware hunting operations to ensure our customers are protected against new and evolving ransomware variants. We monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During our operations, ...
- FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020
August 23, 2021
The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations since at least November 2020 as a ransomware affiliate. The US federal law enforcement agency shared indicators of compromise, tactics, techniques, and procedures (TTP), and mitigation measures in a flash alert published ...
- Nokia subsidiary discloses data breach after Conti ransomware attack
August 23, 2021
SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems. The wholly-owned and independently-operating Nokia company, headquartered in Chicago, IL, works with telecom carriers, major tower owners, and original equipment manufacturers (OEMs) across the US. Read more… Source: ...