

Google warns North Korea, Iran, and China are using AI to enhance cyberattacks

A new report from Google’s Threat Analysis Group shows that state-backed hackers from North Korea, Iran, and China are actively experimenting with and optimizing cyberattacks using artificial intelligence (AI) tools, in this case Google’s Gemini. Google said it had observed multiple state-affiliated groups using its large language models for reconnaissance, social engineering, and malware development, and for enhancing “all stages of their operations, from reconnaissance and phishing lure creation to command and control (C2) development and data exfiltration.”

The report found evidence of novel and sophisticated AI-enabled attacks, and warned that generative AI is lowering the technical barriers to malicious operations by helping attackers work faster and with greater precision. It builds on similar warnings from Microsoft and OpenAI, which disclosed comparable experimentation by the same three nation-backed actors. Anthropic, the company behind Claude AI, has also released a report on how it detects and counters the use of AI in attacks; North Korea-linked groups were the most prominent bad actors in that report.

North Korean state actors turn to AI

In its latest threat intelligence update, Google detailed how an Iranian group known as TEMP.Zagros, also tracked as MuddyWater, used Gemini to generate and debug malicious code disguised as academic research, with the end goal of developing custom malware. In doing so, the group inadvertently exposed key operational details that allowed Google to disrupt parts of its infrastructure.

China-linked actors were found using Gemini to improve phishing lures, perform reconnaissance on targeted networks, and research lateral movement techniques for use once inside compromised systems. In some cases they used Gemini to explore environments unfamiliar to them, such as cloud infrastructure, Kubernetes, and vSphere, indicating an effort to expand their technical reach.

North Korean operators, meanwhile, have been observed probing AI tools to enhance reconnaissance and phishing campaigns. One.