Google has sounded an alert around the increasing use of AI by North Korean hackers targeting the crypto sector. This week, Google released its AI Threat Track report, which claimed that North Korean hackers are using AI tools across multiple stages of cyber attacks to steal cryptoassets and provide financial support to the regime.
The Google Threat Intelligence Group (GTIG) report said that AI was being used to manipulate code, generate malware, and evade detection by security actors. The malware families PROMPTFLUX and PROMPTSTEAL illustrate the direct integration of AI models into the attackers’ operations, the report noted.
Citing an example, the report claimed that North Korean threat actor UNC1069 (aka MASAN) has attempted to exploit Gemini – Google’s generative AI chatbot – to whip up code that was intended to steal crypto assets. The code was identified alongside fraudulent instructions imitating a software update that, if interacted with, could have stolen users’ credentials.
“We have disabled this account,” the report noted.
Social engineering crypto attacks are also becoming popular among malicious North Korean attackers. The report claimed that the misuse of AI to generate deepfake images and video content impersonating public figures has become a common practice among cyber attackers.
“GTIG continues to observe IO actors utilize Gemini for research, content creation, and translation, which aligns with their previous use of Gemini to support their malicious activity. We have identified Gemini activity that indicates threat actors are soliciting the tool to help create articles or aid them in building tooling to automate portions of their workflow,” the report noted.
The tech giant, however, has clarified that it has not been able to identify these generated articles in the wild.
Amid the evolving AI landscape, Google said that its AI teams are working closely with the Trust and Safety teams to improve its threat intelligence capabilities. The tech giant is focussing on designing AI tools that could stem the misuse of these advanced technologies at initiation.
“We recently introduced CodeMender, an experimental AI-powered agent utilizing the advanced reasoning capabilities of our Gemini models to automatically fix critical code vulnerabilities,” the report highlighted.
In recent months, members of the crypto community have been raising alarms around the rising activities of North Korean hackers and scammers targeting the crypto space, which is presently valued at $3.38 trillion.
Recently, Binance founder Changpeng Zhao (CZ) warned crypto firms that North Korean hackers are trying to pose as software professionals in order to get jobs.
Earlier this year, the U.S. Treasury Department imposed new sanctions against a North Korea-linked cyber network accused of placing IT workers inside crypto firms to steal sensitive data and divert funds to the regime’s weapons programs.
According to a recent report by blockchain analytics firm Elliptic, North Korean crypto hackers have already stolen over $2 billion so far this year in over thirty attacks.


