Google · Open Source · China · North Korea · Cointelegraph
Hackers leveraged AI to craft zero-day attack to bypass 2FA: Google
·2 min read
Compiled by KHAO Editorial
— aggregated from 1 source + 9 references discovered via search.
See llms.txt for citation guidance.
✓ KHAO Verified
Google’s Threat Intelligence Group says it has “high confidence” a threat actor used an AI model to help discover and weaponize a vulnerability in a popular system admin tool.
Key facts
LLM access abuse is becoming industrialized as threat actors have built automated pipelines to cycle through premium AI accounts, pool API keys, and bypass safety guardrails at scale, effectively
Google’s Threat Intelligence Group says it identified what it believes is the first-ever case of hackers using artificial intelligence to develop a zero-day exploit
Google’s Threat Intelligence Group says it has “high confidence” a threat actor used an AI model to help discover and weaponize a vulnerability in a popular system admin tool
AI has been increasingly used in both cybersecurity and by crypto hackers seeking to carry out exploits or scams
Summary
Google’s Threat Intelligence Group says it identified what it believes is the first-ever case of hackers using artificial intelligence to develop a zero-day exploit. The group said in a Tuesday blog post that it had “observed prominent cybercrime threat actors partnering to plan a mass vulnerability exploitation operation,” using a zero-day vulnerability, a software flaw unknown to the vendor at the time of exploitation, that allowed them to bypass the two-factor authentication of an unnamed “popular open-source, web-based system administration tool.” The exploit required valid user credentials first, but bypassed the second authentication factor, which is often also used to secure crypto accounts and wallets. AI has been increasingly used in both cybersecurity and by crypto hackers seeking to carry out exploits or scams.