Iranian Hackers Use ChatGPT, Gemini for US and Israel Attacks

Key Takeaways

- Iranian threat actors use ChatGPT and Gemini throughout their entire attack chain, from malware development to phishing
- AI-generated phishing messages now appear in flawless Hebrew and Arabic, removing linguistic red flags that helped victims spot scams
- The UAE reports facing over 500 million daily cyberattacks, many now AI-assisted

AI Tools Power Iranian Cyber Operations
Iranian hackers are using ChatGPT and Gemini to turbocharge cyberattacks against the United States and Israel, according to a Financial Times report. The attackers use these AI models to develop malware, write phishing messages in native-level Hebrew and Arabic, and create fake online personas that can target victims at far greater scale than before.
Cybersecurity analysts told the Financial Times they see evidence of AI use across every stage of Iranian cyber operations. The shift represents a major upgrade from earlier, cruder digital tactics toward sophisticated, automated campaigns.
“We are seeing signs that they are using AI prompts the entire way. It has absolutely helped them raise their game.”
— Cybersecurity analyst, speaking to the Financial Times
Perfect Language Removes Key Warning Sign
The most dangerous development may be the elimination of linguistic errors. Phishing campaigns that once contained awkward phrasing or grammatical mistakes now read like messages from native speakers. This removes the primary indicator civilians use to identify social engineering attempts.
Israeli citizens report being targeted with relentless waves of phishing texts and emails. Some messages explicitly invite recipients to collaborate with Iranian intelligence. The attacks rely on convincing targets to click malicious links, a process that can take weeks of building trust under a fake identity.
“If you are from Tehran and trying to pretend to be the HR person at a defence contractor, it is a heavy lift to talk to someone for a month and come off as a person living in California.”
— Check Point, speaking to the Financial Times
Gil Messing of Israeli cybersecurity firm Check Point told the Financial Times that Iranian hackers now automate much of this work. "They are using every tool they can in order to expedite their efforts through AI," he said.
Scale of the Problem
The UAE has stated it faces between 500,000 and 700,000 cyberattack attempts daily, with many now augmented by AI tools like ChatGPT. Iran's use of AI has helped maintain pressure on the US and Israel during the ceasefire period by scanning for vulnerabilities while protecting Iran's own systems.
Iranian state-sponsored groups like APT42, also known as Charming Kitten, have experimented with AI for years. But the growing power of generative AI models has made these operations far more threatening. Security researchers describe generative AI as a "force multiplier" that lowers the barrier to sophisticated espionage.
OpenAI's Response
OpenAI, the company behind ChatGPT, told the Financial Times it takes action when it identifies harmful activity. "Where we identify harmful activity, we take enforcement action, including disabling accounts, terminating access, or limiting capabilities being abused," the company said.
Security researchers and online communities remain skeptical about whether AI guardrails can stop determined state-sponsored actors. Discussions on cybersecurity forums highlight that many see this development as inevitable. The tools that make AI assistants helpful for legitimate users also make them useful for attackers.
What This Means for Security
Organizations and individuals can no longer rely on spotting poor grammar or awkward phrasing to identify phishing attempts. The AI-generated messages look professional and read naturally. Security teams need to focus on other indicators: unexpected requests, unfamiliar senders, and verification of identity through separate channels.
For companies with sensitive information or government contracts, the threat is immediate. Iranian hackers specifically target defense contractors and intelligence-adjacent organizations. The combination of perfect language, automated persona management, and AI-assisted vulnerability scanning creates a more formidable adversary than the region has faced before.
Frequently Asked Questions
Which AI tools are Iranian hackers using?
According to the Financial Times report, Iranian threat actors use both ChatGPT (made by OpenAI) and Gemini (made by Google) throughout their cyber operations.
How does AI help hackers write better phishing messages?
AI models can generate text in perfect Hebrew and Arabic, eliminating the grammatical errors and awkward phrasing that previously helped victims identify scam messages.
What is OpenAI doing to stop misuse of ChatGPT?
OpenAI says it takes enforcement action when it identifies harmful activity, including disabling accounts, terminating access, and limiting abused capabilities.
How many cyberattacks does the UAE face daily?
The UAE government has stated it faces between 500,000 and 700,000 cyberattack attempts daily, with many now assisted by AI tools.
Who are the Iranian hackers behind these attacks?
Security researchers identify groups like APT42 (also called Charming Kitten) as Iranian state-sponsored actors using AI to enhance their cyber operations.
Source: mint / Aman Gupta
Manaal Khan
Tech & Innovation Writer