Nation-State Cyber Criminals Using AI to Streamline Targeting

Pawan Panwar
March 8, 2026

Researchers, Google’s Threat Intelligence Group (GTIG)

Gemini and other AI tools have become vital parts of the operations of nation-state threat actors. These actors use the tools to identify victims, carry out reconnaissance and research, and quickly produce phishing lures.

“Threat actors are increasingly using LLMs to create highly customized, culturally sensitive lures that can mimic the local language or the formal tone of a target institution.”

This ability goes beyond writing emails to include "rapport-building phishing," in which models are used to hold convincing, multi-turn conversations with victims in order to build trust before a malicious payload is delivered.

By lowering the barrier to entry for non-native speakers and automating the production of high-quality material, adversaries can largely eliminate those "tells" and increase the efficacy of their social engineering campaigns.

Threat actors also abused a variety of AI tools to host malicious commands for ClickFix social engineering attacks. The attackers got around the security measures that ChatGPT, Copilot, DeepSeek, Gemini, Grok, and other services use.

Researchers

“Although it is not a novel attack method, GTIG saw cases where threat actors tried to spread malware by abusing the public's confidence in generative AI services.”

“Threat actors are using the public sharing function of generative AI platforms, such as Gemini, to host misleading social engineering content in a new campaign that GTIG discovered.”

“First noticed in early December 2025, this activity aims to deceive users into installing malware by using the popular 'ClickFix' method. A malicious command is copied and pasted into the command terminal by social engineering people using this ClickFix approach.”
