Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle 

https://cyberscoop.com/state-hackers-using-gemini-google-ai/

Publish Date: 2026-02-12 16:24:00

Source Domain: cyberscoop.com

A new report from Google found evidence that state-sponsored hacking groups have leveraged the AI tool Gemini at nearly every stage of the cyber attack cycle.

The research underscores how AI tools have matured in their cyber offensive capabilities, even though it doesn’t reveal novel or paradigm-shifting uses of the technology.

John Hultquist, chief analyst at Google’s Threat Intelligence Group, told CyberScoop that many countries still appear to be experimenting with AI tools, determining where they best fit into the attack chain and provide more benefit than friction.

“Nobody’s got everything completely worked out,” Hultquist said. “They’re all trying to figure this out and that goes for attacks on AI, too.”

But the report also reveals that frontier AI models can build speed, scale and sophistication into a myriad of hacking tasks, and state-sponsored hacking groups are taking advantage.

Gemini was a useful, dynamic and convenient tool for many tasks, helping threat actors in a variety of different ways. In nearly all cases, Google’s reporting suggests that state-sponsored actors relied on Gemini as one tool among many, using it for specific purposes such as automating routine processes, conducting research or reconnaissance and experimenting with malware.

One North Korean group used it to synthesize open-source intelligence about job roles and salary information at cybersecurity and defense companies. Another North Korean group consulted it “multiple days a week” for technical support, using it to troubleshoot problems and generate new malware code when they got stuck during an operation. One Iranian APT used Gemini to “significantly augment reconnaissance” techniques against targeted victims. China, Russia, Iran and North Korea also all used Gemini to create fake articles, personas, and other assets for information operations.

“What’s so interesting about this capability is it’s going to have an effect…
