AI-Powered Hackers Bypass Google 2FA with Zero-Day Exploit

Severity: High (Score: 74.0)

Sources: Tweaktown, Gbhackers, Heise.De, Bgr, Memeburn

Summary

Google's Threat Intelligence Group confirmed the first instance of hackers using AI to create a zero-day exploit that bypasses two-factor authentication (2FA) on a popular open-source web-based admin tool. The exploit, written in Python, was designed by a prominent cybercrime group and aimed at facilitating mass exploitation. Google detected the exploit before it could be deployed, patching the vulnerability in collaboration with the affected vendor. The AI-generated code exhibited characteristics typical of large language models, including structured formatting and a fabricated CVSS score.

Analysts suspect that state-backed groups from China and North Korea are leveraging AI to identify and exploit vulnerabilities. This incident marks a significant shift in the landscape of cyber threats, indicating that AI tools are now being weaponized by adversaries. The implications for cybersecurity are profound, as AI can uncover logic flaws that traditional scanners might miss.

Key Points:

  • Hackers used AI to develop a zero-day exploit bypassing Google 2FA.
  • The exploit targeted a widely used open-source admin tool and was detected before deployment.
  • State-backed groups from China and North Korea are likely involved in AI-driven cyberattacks.

Key Entities

  • APT45 (apt_group)
  • Malware (attack_type)
  • Phishing (attack_type)
  • Zero-day Exploit (attack_type)
  • Instructure (company)
  • TP-Link (company)
  • China (country)
  • North Korea (country)
  • CWE-287 - Improper Authentication (cwe)
  • T1566 - Phishing (mitre_attack)
  • Gemini (tool)
  • Gmail (tool)
  • Python (tool)
  • Linux (platform)
  • Claude Mythos Preview (platform)
  • Dirty Frag (vulnerability)