
AI-Fueled Hacking Tools: Google Warns of Cybercriminal Threats

Over the past year, cybercriminals have been experimenting with AI to maximize their ability to infiltrate corporate networks. On Monday, Google issued a stark warning: for the first time, cybercriminals have utilized AI to create a formidable hacking tool known as a zero-day exploit.

Zero-day exploits are programs designed to target unknown and unpatched vulnerabilities, allowing criminals to install malware and access sensitive data on targeted computers or networks. These exploits are particularly prized among hackers due to their rarity and effectiveness. Google’s security researchers reported that they uncovered evidence that hackers had developed such an exploit targeting an unspecified open-source web-based IT administration tool. The company indicated that there was a “mass vulnerability exploitation operation” underway, but it managed to mitigate the threat by notifying the vendor of the affected tool.

“Some things that used to require months and years of experience … can be done almost instantaneously.”

Eyal Sela, director of threat intelligence at Gambit Security

Google noted several indications that AI had aided in writing the malicious code, although the specific AI system used remains unidentified. The structure of the code had characteristics typical of AI-generated content, including a “textbook” implementation of the Python programming language and “detailed help menus” that are uncommon in human-written software. Additionally, it featured an apparent AI hallucination, as it referenced a non-existent vulnerability.

Furthermore, Google reported that hackers, including operatives from Chinese and North Korean intelligence, have been using its Gemini AI chatbot to research potential cyberattack targets. In a notable incident, a Chinese-linked cybercrime group known as UNC2814 managed to persuade Gemini to act as a network security expert, prompting it to search for vulnerabilities in TP-Link routers, which have been prohibited in the U.S. due to security concerns.

John Hultquist, chief analyst for Google’s Threat Intelligence Group, suggested that North Korea has been among the early adopters of AI technology, transitioning from phishing tactics to orchestrating cyberattacks against corporate and government networks. “This is intriguing because they have typically focused on social engineering. It may indicate that they are leveraging AI to evolve their methods,” Hultquist remarked.

The detection of an AI-written zero-day exploit by Google represents a troubling trend in which hackers are using AI as a co-pilot in cyberattacks or to execute them entirely. In May, Dragos Security, a company dedicated to safeguarding critical infrastructure from cyber threats, revealed that attackers had employed Anthropic’s Claude AI in attempts to target municipal water and drainage systems in Monterrey, Mexico, earlier this year.

Eyal Sela, who initially reported these incidents, expressed concern that Google’s revelation about an AI-generated zero-day exploit illustrates how early adopters are leveraging new automated coding technologies for malicious purposes. Perhaps most alarming is that even less-skilled hackers can utilize AI to perform attacks using techniques they do not fully grasp, Sela told Forbes.

“There are certain actions that previously required months or years of experience that can now be executed almost instantaneously,” Sela stated. “This is not an exaggeration.”
