Over 57 state-sponsored threat actors linked to China, Iran, North Korea, and Russia have been observed utilizing Google’s AI technology to enhance their cyber and information operations.
According to a report from Google Threat Intelligence Group (GTIG), these groups are primarily using AI for research, troubleshooting code, and content generation rather than developing entirely new attack capabilities. Advanced Persistent Threat (APT) actors have incorporated AI tools into various stages of their attack cycles, from reconnaissance and coding malicious scripts to evading detection and gathering intelligence on potential targets.
Iranian APT groups, particularly APT42, have been among the most prolific users of Google’s AI, leveraging it for phishing campaigns, reconnaissance on defense organizations, and crafting cybersecurity-related content. APT42, also known as Charming Kitten or Mint Sandstorm, has a history of sophisticated social engineering attacks targeting NGOs, media, academia, and activists by masquerading as journalists or event organizers. Meanwhile, Chinese APT actors have used AI for reconnaissance, privilege escalation, data exfiltration, and evading security measures. Russian hackers primarily relied on AI to modify existing malware by changing its code and adding encryption layers, while North Korean actors used AI to research IT job markets and craft fake cover letters—an effort likely aimed at placing operatives in Western companies.
Beyond direct cyber threats, underground forums have begun promoting illicit versions of large language models (LLMs) such as WormGPT, WolfGPT, and FraudGPT, which are explicitly designed for phishing, business email compromise (BEC), and fraudulent website generation. Additionally, APT groups from over 20 countries have misused AI for content creation, translation, and disinformation campaigns. Google has responded by strengthening defenses against AI exploitation and has emphasized the need for public-private collaboration to bolster national cybersecurity. The company has called for closer coordination between industry and government to counter these growing threats and protect economic and national security.