hacker for hire forum(Firewall Block)

Introduction:

1. Project Zero - A Team of Star-Hackers Hired by Google to Protect the Internet

2. Nation-State Hackers Abuse Gemini AI Tool

Project Zero - A Team of Star-Hackers Hired by Google to Protect the Internet

  Today Google has publicly revealed its new initiative called "Project Zero," a team of Star Hackers and Bug Hunters with the sole mission to improve security and protect the Internet.

Nation-State Hackers Abuse Gemini AI Tool

  Nation-state threat actors are frequently abusing Google’s generative AI tool Gemini to support their malicious cyber operations.

  An analysis by the Google Threat Intelligence Group (GTIG) highlighted that APT groups from Iran, China, Russia and North Korea are using the large language model (LLM) for a wide range of malicious activity.

  Tasks primarily revolve around research, vulnerability exploitation, malware development and creating and localizing content like phishing emails.

  The GTIG said it has not observed any original or persistent attempts by nation-state threat actors to use prompt attacks or other AI-specific threats, with the tool primarily used to improve productivity to date.

  A “handful” of attempts have been made to bypass Gemini’s safety controls through publicly available jailbreak prompts. However, these attempts failed, with Gemini responding with safety fallback responses and declining to follow the threat actor's instructions.

  “Rather than enabling disruptive change, generative AI allows threat actors to move faster and at higher volume,” the GTIG researchers noted.

  However, with new AI models and agentic systems emerging daily, they expect threat actors to evolve their use of AI in kind.

  Iranian government-backed actors accounted for the largest Gemini use linked to APT actors.

  Over 30% of Iranian APT actors’ Gemini use was linked to APT42, a group observed to target military and political figures in countries such as the US and Israel.

  The GTIG said it observed Iranian APT actors using the tool for reconnaissance on potential targets, such as defense experts and organizations, foreign governments and individual dissidents.

  They also undertook research into publicly reported vulnerabilities on specific technologies. This included searching for exploitation techniques.

  Gemini was also frequently used by Iranian actors to craft legitimate-looking phishing emails. This included using the LLM’s text generation and editing capabilities for translation and tailoring messages for particular sectors and locations.

  Chinese APT groups used Gemini for reconnaissance purposes, with a particular focus on US military and IT organizations.

  Additionally, there was a notable focus on using the tool to assist with compromise. This included scripting and development of malware and finding solutions to technical challenges.

  For post-compromise activities, Gemini was used to provide information on enabling deeper access in target networks, such as lateral movement, privilege escalation and data exfiltration.

  For example, one PRC-backed group asked Gemini for assistance to figure out how to sign a plugin for Microsoft Outlook and silently deploy it to all computers.

  The GTIG observed North Korean state actors using Gemini to support several phases of the attack lifecycle.

  This included research specifically on how to compromise Gmail accounts and other Google services.

  Another core focus was to assist IT worker schemes, in which North Korean actors falsely gain employment with Western IT firms to generate revenue for the Democratic People's Republic of Korea (DPRK) government.

  For these campaigns, Gemini was used to research information like available jobs on LinkedIn and average salary, and to generate content such as cover letters from job postings.

  North Korean actors also engaged with Gemini with several questions that appeared focused on conducting initial research and reconnaissance into prospective targets, such as US and South Korean defense contractors.

  Some of these APT groups also tried to use Gemini to assist with development and scripting tasks, including developing code for sandbox evasion.

  Russian nation-state groups were more limited in their abuse of Gemini compared to other nations, according to GTIG.

  Observed uses included help with rewriting publicly available malware into another language and adding encryption functionality to code.

Related questions

Hacker-for-hire forums are online platforms, often found on the dark web, where individuals offer or solicit hacking services, typically for illegal activities. Here's a structured overview:

  1. Nature and Purpose:

    • Illegal Activities: Most commonly associated with cybercrime, such as data breaches, account hacking, or deploying malware. These forums are hubs for unauthorized access to systems.
    • Ethical Hacking: Rarely, some may claim to offer penetration testing, but legitimate professionals usually operate through official channels.
  2. Legality and Risks:

    • Illegal: Hiring hackers for malicious purposes is a crime in most jurisdictions. Participation risks legal consequences, including prosecution.
    • Scams: High risk of fraud; "hackers" may take payment without delivering services or exploit clients' information.
  3. Operational Aspects:

    • Anonymity: Use of cryptocurrencies (e.g., Bitcoin) and encrypted communication (e.g., PGP) to evade detection.
    • Access: Often require invitations or vetting, commonly hosted on dark web platforms like Tor-hidden services.
  4. Legitimate Alternatives:

    • Cybersecurity Services: Ethical hacking for security testing is conducted via formal contracts through reputable firms or freelancers on legitimate platforms (e.g., Upwork, LinkedIn).
  5. Law Enforcement:

    • Monitoring: Authorities actively infiltrate these forums to track cybercriminal activity, leading to arrests and shutdowns.

Conclusion: Hacker-for-hire forums are predominantly illicit spaces facilitating cybercrime. Engaging with them carries significant legal and financial risks. Legitimate security needs should be addressed through professional, legal channels.
