Iranian hackers are reportedly using AI models such as ChatGPT and Gemini to expand cyber operations against the US and Israel. The report says threat actors are using AI to develop malware, craft phishing messages in Hebrew and Arabic, build fake personas and scan for vulnerabilities.

Iranian Hackers Using ChatGPT and Gemini to Scale Cyberattacks on US and Israel, Report Says

The420.in Staff

Iranian hackers are using Western AI models, including ChatGPT and Gemini, to strengthen cyber operations against the United States and Israel, according to a report cited by Mint. The report said threat actors are using AI to develop malware, write phishing messages in Hebrew and Arabic, and create fake online personas capable of targeting victims at a larger scale.

AI Tools Used Across Cyber Operations

Cybersecurity analysts have reportedly observed signs that Iranian threat actors are using AI tools at different stages of their operations. “We are seeing signs that they are using AI prompts the entire way,” a cybersecurity analyst told the Financial Times. “It has absolutely helped them raise their game.”

The report said Iran’s use of AI tools helped it maintain pressure on the US and Israel during the ceasefire by scanning the internet for enemy vulnerabilities while also protecting Iran’s own weak points.

The UAE has previously said it was facing more than half a billion cyberattacks every day, abetted by ChatGPT. Israeli citizens have also reported being targeted with relentless phishing texts and emails, with some messages explicitly inviting targets to collaborate with Iranian intelligence.

Phishing, Fake Personas and Automated Targeting

According to the report, attackers rely on convincing unsuspecting targets to click on suspicious links. Such efforts earlier required weeks of conversation with targets under fake identities to build trust before coaxing them into making a mistake.

Gil Messing of Israeli cybersecurity firm Check Point told the Financial Times that the process is now being automated. “This is all being done automatically,” he said. “They are using every tool they can in order to expedite their efforts through AI.”

The report also said Google had spotted the state-backed group APT42 using Gemini shortly before the conflict began in late February. Western companies have tried to keep Iranian actors out, but the report noted that identifying new accounts quickly has become difficult.

Platforms Face Pressure to Curb Harmful Use

In a statement to the Financial Times, OpenAI said that where it identifies harmful activity, it takes enforcement action, including disabling accounts, terminating access or limiting capabilities being abused.

The report added that Iran’s efforts to use AI in military-linked activity are not limited to cyber operations. Experts cited by the publication said Iran views AI as a strategic technology that could help offset limitations imposed by international sanctions.

The report also said the US has used AI in its attack against Iran to move through targets at a much higher pace than before. It said the US relied on Palantir’s Maven Smart System and Anthropic’s Claude model to assist with intelligence analysis and military planning.
