📱 GTIG: Threat actors exploit AI for vulnerability discovery and offensive operations
📝 ## 🌐 Context

Published on 11 May 2026 by the...
📖 cyberveille: https://cyberveille.ch/posts/2026-05-11-gtig-les-acteurs-malveillants-exploitent-l-ia-pour-la-decouverte-de-vulnerabilites-et-les-operations-offensives/
🌐 source: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access?hl=en
#APT27 #APT45 #Cyberveille

## 🌐 Context

Published on 11 May 2026 by the Google Threat Intelligence Group (GTIG), this report is an update to the February 2026 report on AI-related activity. It draws on Mandiant engagements, Gemini data and GTIG's proactive research.

## 🤖 AI as an offensive tool

### Vulnerability discovery and exploitation

- First documented case of a cybercriminal actor using AI to develop a zero-day exploit: a 2FA bypass in an open-source web administration tool, implemented in Python. Mass exploitation was averted thanks to responsible disclosure by GTIG.
- UNC2814 (PRC nexus) used expert-persona prompts to search for vulnerabilities in TP-Link firmware and OFTP implementations.
- APT45 (DPRK nexus) sent thousands of repetitive prompts to analyse CVEs and validate PoC exploits in an automated fashion.
- Actors are experimenting with the wooyun-legacy repository (a Claude plugin bundling more than 85,000 real vulnerability cases) for in-context learning.
- Use of the agentic tools OpenClaw and OneClaw in vulnerable test environments.

### Obfuscation and evasion (AI-augmented malware)

| Malware | Type of obfuscation |
|---|---|
| PROMPTFLUX | Dynamic code modification |
| HONESTCUE | Evasion payload generation (VBScript via the Gemini API) |
| CANFAIL | Decoy logic |
| LONGSTREAM | Decoy logic |

- APT27 (PRC nexus) used Gemini to develop a fleet-management application for an ORB (Operational Relay Box) network, with a maxHops=3 parameter and support for MOBILE_WIFI/ROUTER devices.
- CANFAIL and LONGSTREAM (Russia nexus) target Ukrainian organisations and embed LLM-generated decoy code to mask their malicious functionality.

## 🦠 PROMPTSPY: autonomous attack orchestration

PROMPTSPY is an Android backdoor that embeds an autonomous agent module named GeminiAutomationAgent:

CyberVeille
Threats to the Defense Industrial Base | Google Cloud Blog

The defense sector faces a relentless barrage of operations conducted by state-sponsored actors and criminal groups.

Google Cloud Blog
Cybercrime: A Multifaceted National Security Threat | Google Cloud Blog

Google Threat Intelligence Group discusses the current state of cybercrime, and why it must be considered a national security threat.

Google Cloud Blog
North Korean APT group 'Stonefly' targets American companies for profit

The notorious North Korean Advanced Persistent Threat (APT) group 'Stonefly' has shifted its focus to attacking American companies for financ

Tech Nieuws
"How Are Cyberattacks Fueling North Korea’s Nuclear Ambitions?" published by CSIS. #Trend, #APT45, #DPRK, #CTI https://www.csis.org/analysis/how-are-cyberattacks-fueling-north-koreas-nuclear-ambitions
How Are Cyberattacks Fueling North Korea’s Nuclear Ambitions?

Last week, the United States and others accused a North Korean hacker group of global cyber espionage supporting North Korea's nuclear weapons program. Coordinated efforts among the U.S. government, allies, and the private sector are essential to combat this threat.

FBI and Mandiant Target Advanced North Korean Hackers Stealing US Defense Secrets - RedPacket Security

The Federal Bureau of Investigation (FBI), in collaboration with Mandiant—a cybersecurity firm owned by Google—has intensified its operations to identify and

RedPacket Security
APT45: North Korea’s Digital Military Machine | Google Cloud Blog

APT45 is a long-running, moderately sophisticated North Korean cyber operator operating since as early as 2009.

Google Cloud Blog

#NorthKorean cyber espionage group #APT45 is now deploying #ransomware.

This marks a significant shift from traditional espionage to financially-motivated attacks, affecting critical infrastructure.

https://thehackernews.com/2024/07/north-korean-hackers-shift-from-cyber.html

#CyberAwareness #ThreatIntelligence #Tech

North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks

North Korean hackers expand from espionage to ransomware attacks, targeting critical infrastructure and infiltrating US companies with stolen identiti

The Hacker News
FBI, Mandiant designate advanced North Korean hackers stealing US defense secrets - RedPacket Security

The FBI, along with Mandiant, a cybersecurity firm owned by Google, is intensifying its investigation into a highly skilled North Korean hacking group

RedPacket Security

A notorious North Korean hacking group has been accused of stealing sensitive information and blueprints about guns, torpedoes and other weapon systems #APT45

https://therecord.media/north-korea-andariel-apt45-weapons-systems-nuclear-facilities

North Korean hacking group targeted weapons blueprints, nuclear facilities in cyber campaigns

A notorious North Korean hacking group has been accused of stealing sensitive information and blueprints about guns, torpedoes and other weapon systems.