Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- IT threat evolution Q1 2021
May 31, 2021
In December, SolarWinds, a well-known IT managed services provider, fell victim to a sophisticated supply-chain attack. The company’s Orion IT, a solution for monitoring and managing customers’ IT infrastructure, was compromised by threat actors. This resulted in the deployment of a custom backdoor, named Sunburst, on the networks of more than 18,000 SolarWinds customers, including ...
- U.S. Critical Infrastructure: Addressing Cyber Threats and the Importance of Prevention
May 31, 2021
The critical infrastructure of the United States includes all those systems and assets that are essential to the proper functioning, economy, health, and safety of American society. The roads and railways that we travel on; the Internet and the mobile networks that connect us; the water that we drink; the healthcare, financial services and security ...
- Swedish Health Agency shuts down SmiNet after hacking attempts
May 31, 2021
The Swedish Public Health Agency (Folkhälsomyndigheten) has shut down SmiNet, the country’s infectious diseases database, on Thursday after it was targeted in several hacking attempts. SmiNet, which is also used to store electronic reports with statistics on COVID-19 infections, was shut down on Thursday to investigate the attacks and was brought back online on Friday evening. Read ...
- JBS USA cyber attack affecting North American and Australian systems
May 31, 2021
United States-based food processing company JBS USA has confirmed falling victim to a cyber attack, with the aftermath affecting its North American and Australian systems. “On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” it ...
- New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers
May 29, 2021
A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility. Read more… Source: Bleeping Computer
- DarkSide on Linux: Virtual Machines Targeted
May 28, 2021
As we discussed in our previous blog, the DarkSide ransomware is targeting organizations in manufacturing, finance, and critical infrastructures in regions such as the United States, France, Belgium, and Canada. The DarkSide ransomware targets both Windows and Linux platforms. We also noticed that the Linux variant, in particular, targets ESXI servers. In this blog, we focus ...