Wednesday, June 3 2026

Google Identifies First AI-Generated Zero-Day Exploit

Google has, for the first time, detected a zero-day exploit thought to have been developed using artificial intelligence. The company shared a new report on Monday that summarizes its findings on how AI is used in cyber threats. This information comes from recent data collected by Gemini, Google Threat Intelligence Group (GTIG), and Mandiant.

A key finding is that a well-known cybercrime group used AI to develop a zero-day exploit. This exploit was made to get around two-factor authentication (2FA) on an open-source web tool for system management. The exploit was in a Python script.

Neither the hacker group nor the tool they targeted is named, but Google said it helped the affected company stop a large attack, which appeared to be the hackers' goal.

“Although we do not believe Gemini was used, based on the structure and content of these exploits, we have high confidence that the actor likely leveraged an AI model to support the discovery and weaponization of this vulnerability,” Google explained.

It added, “For example, the script contains an abundance of educational docstrings, including a hallucinated CVSS score, and uses a structured, textbook Pythonic format highly characteristic of LLMs training data (e.g., detailed help menus and the clean _C ANSI color class).”

Google pointed out that Chinese and North Korean state-sponsored hackers are very keen on using AI to find vulnerabilities. A group likely connected to China was seen using tools like Strix and Hexstrike to attack a Japanese tech company and a big cybersecurity firm in East Asia.

UNC2814 is a Chinese group that targets telecom and government organizations. It used a fake-identity jailbreak in which the AI pretends to be a top security auditor. This helped the group research flaws in embedded devices, like TP-Link firmware with OFTP features.

Google says that the North Korean group known as APT45 sent out many repeated messages to look closely at CVEs and check PoC exploits.

“This results in a more robust arsenal of exploit capabilities that would be impractical to manage without AI assistance,” Google said in its report.

The complete report talks about self-running malware, AI helping to avoid defenses, attacks on supply chains, and bad actors seeking top access to LLMs.
