state-backed hackers exploit Gemini AI for cyber recon and attacks

Staff Editor 2026-02-13
state-backed hackers exploit Gemini AI for cyber recon and attacks

state-backed hackers exploit Gemini AI for cyber recon and attacks

https://securityaffairs.com/187958/ai/google-state-backed-hackers-exploit-gemini-ai-for-cyber-recon-and-attacks.html

Publish Date: 2026-02-13 06:06:00

Source Domain: securityaffairs.com

Google: state-backed hackers exploit Gemini AI for cyber recon and attacks

Pierluigi Paganini
February 13, 2026

Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations.

Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to clone proprietary systems. State-backed actors from North Korea, Iran, China, and Russia use AI for research, targeting, and phishing. Threat actors also test agentic AI, AI-powered malware like HONESTCUE, and underground “jailbreak” services.

Threat actors now use large language models to craft polished, culturally accurate phishing messages that remove common red flags like poor grammar. They also run “rapport-building” phishing, holding realistic multi-step conversations to gain trust before delivering malware.

Google reported that North Korea-linked hacker group UNC2970 used its Gemini AI model to gather intelligence on targets and support cyber operations. The company also said other threat groups now weaponize generative AI to speed up attack stages, run information operations, and even attempt model extraction attacks.

“The North Korean government-backed actor UNC2970 has consistently focused on defense targeting and impersonating corporate recruiters in their campaigns. The group used Gemini to synthesize OSINT and profile high-value targets to support campaign planning and reconnaissance.” reads the report published by Google. “This actor’s target profiling included searching for information on major cybersecurity and defense companies and mapping specific technical job roles and salary information. “

Iran-linked group APT42 also used generative AI tools like Gemini to boost…

Source

More Stories

NSA taps three officials for top cybersecurity positions

NSA taps three officials for top cybersecurity positions

Staff Editor 2026-06-01
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

Staff Editor 2026-06-01
Cybersecurity for SMEs: a danger that is all too often overlooked

Cybersecurity for SMEs: a danger that is all too often overlooked

Staff Editor 2026-06-01

Terms and Conditions - Privacy Policy