State-sponsored hacking groups from China, Iran, North Korea, and Russia are actively using Google’s Gemini AI model to support nearly every stage of cyber attacks, according to a new report from Google Threat Intelligence Group (GTIG).
The report says advanced persistent threat (APT) groups are using Gemini for reconnaissance, open-source intelligence gathering, phishing lure creation, malware development, vulnerability testing, and even post-compromise activities like data exfiltration and command-and-control setup. Tracked groups include China-linked APT31 and Temp.HEX, Iran’s APT42, North Korea’s UNC2970, and multiple Russia-aligned actors.
According to Google, some Chinese attackers went as far as crafting fake cybersecurity scenarios to trick Gemini into acting like an expert analyst. In one case, the model was asked to analyze remote code execution flaws, web application firewall bypass techniques, and SQL injection test results against specific US-based targets. Other actors repeatedly used Gemini to fix broken exploit code, research intrusion techniques, and speed up operational planning.
Iranian group APT42 was observed using Gemini heavily for social engineering, including phishing content generation and rapid development of custom malicious tools. GTIG also identified AI-assisted development in known malware families such as CoinBait, a cryptocurrency-themed phishing kit, and HonestCue, a proof-of-concept malware framework.
HonestCue, first seen in late 2025, uses the Gemini API to dynamically generate C# code for second-stage malware, compile it in memory, and execute it without touching disk. CoinBait, meanwhile, is a React-based phishing platform that shows clear signs of AI-generated code, including unusual logging artifacts that may inadvertently help defenders trace data exfiltration behavior.
Beyond malware development, cybercriminals are also using generative AI in so-called ClickFix campaigns. These attacks rely on malicious ads placed in search results, tricking users into running dangerous commands under the guise of fixing common problems. In several cases, the campaigns delivered AMOS information-stealing malware targeting macOS users.
GTIG also warned about a growing threat to AI providers themselves: large-scale AI model extraction and knowledge distillation attacks. In these campaigns, attackers use authorized API access to flood models like Gemini with carefully crafted prompts to replicate their reasoning and rebuild similar systems at a fraction of the cost. In one documented case, Gemini was targeted with more than 100,000 prompts across multiple non-English languages.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Google says it has disabled accounts and infrastructure linked to confirmed abuse and has strengthened Gemini’s internal safeguards to make misuse harder. The company emphasized that while AI misuse by threat actors has not yet resulted in major technical breakthroughs, it expects attackers to increasingly integrate AI tools into their operations.
