Google Reports Nation-State Hackers Using Gemini AI to Accelerate Reconnaissance and Attack Support
Google’s Threat Intelligence Group (GTIG) reported that multiple state-backed threat actors are abusing Google’s Gemini generative AI to speed up key phases of the attack lifecycle, particularly target reconnaissance and profiling. GTIG said it observed North Korea-linked UNC2970 using Gemini to synthesize OSINT and build detailed profiles of high-value targets—researching major cybersecurity and defense companies, mapping technical job roles, and even gathering salary information—to support campaign planning and enable more tailored social engineering.
GTIG also assessed that other government-aligned groups in China, North Korea, and Iran are using Gemini for tasks including coding/scripting, researching publicly known vulnerabilities, and supporting post-compromise activity. One example cited involved a Chinese actor using Gemini to compile information on specific individuals in Pakistan and to collect structural data on separatist organizations; Google said it disabled the assets used in that activity, while noting similar Pakistan-focused targeting persisted. GTIG characterized this AI-enabled workflow as blurring the line between routine research and malicious reconnaissance, allowing actors to move from initial research to active targeting faster and at broader scale.

How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Google reports state-backed hackers using Gemini across attack lifecycle
On February 12, 2026, Google Threat Intelligence Group publicly reported that threat actors linked to China, North Korea, Iran, and other countries were using Gemini to accelerate reconnaissance, target profiling, social engineering, vulnerability analysis, and malware development. Google said the activity mostly improved attacker productivity rather than enabling fully autonomous or novel AI-driven intrusions.
Google disables accounts tied to Gemini abuse by threat actors
Google said it disabled assets and accounts associated with malicious use of Gemini by state-backed and criminal actors and added defenses to harden the service against abuse. The action accompanied findings that attackers were using Gemini for reconnaissance, phishing support, vulnerability research, and malware-related tasks.
Google detects and disrupts large-scale Gemini model extraction attempts
Before publishing its February 2026 report, Google DeepMind and GTIG detected and blocked model extraction or distillation attacks against Gemini, including one campaign involving more than 100,000 prompts. Google said it disrupted the activity as part of broader defenses against theft of proprietary model capabilities.
Google identifies COINBAIT AI-assisted phishing kit
In November 2025, Google identified COINBAIT, an AI-assisted phishing kit impersonating a cryptocurrency exchange. Reporting linked the kit at least in part to UNC5356.
Google tracks HONESTCUE malware using Gemini API for second-stage code
In September 2025, Google observed a malware family it named HONESTCUE that used the Gemini API to generate malicious C# second-stage functionality and execute it in a fileless manner. Google said the malware was not yet tied to a known threat cluster.