{"id":212987,"date":"2026-02-13T06:06:00","date_gmt":"2026-02-13T11:06:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/13\/state-backed-hackers-exploit-gemini-ai-for-cyber-recon-and-attacks\/"},"modified":"2026-02-13T06:35:11","modified_gmt":"2026-02-13T11:35:11","slug":"state-backed-hackers-exploit-gemini-ai-for-cyber-recon-and-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/13\/state-backed-hackers-exploit-gemini-ai-for-cyber-recon-and-attacks\/","title":{"rendered":"state-backed hackers exploit Gemini AI for cyber recon and attacks"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/187958\/ai\/google-state-backed-hackers-exploit-gemini-ai-for-cyber-recon-and-attacks.html\">state-backed hackers exploit Gemini AI for cyber recon and attacks<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/187958\/ai\/google-state-backed-hackers-exploit-gemini-ai-for-cyber-recon-and-attacks.html\">https:\/\/securityaffairs.com\/187958\/ai\/google-state-backed-hackers-exploit-gemini-ai-for-cyber-recon-and-attacks.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-13 06:06:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Google: state-backed hackers exploit Gemini AI for cyber recon and attacks<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> February 13, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/02\/image-28.png?fit=1500%2C599&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations.<\/h2>\n<p>Google DeepMind and GTIG report a rise in model extraction or \u201cdistillation\u201d attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to clone proprietary systems. State-backed actors from North Korea, Iran, China, and Russia use AI for research, targeting, and phishing. Threat actors also test agentic AI, AI-powered malware like HONESTCUE, and underground \u201cjailbreak\u201d services. <\/p>\n<p>Threat actors now use large language models to craft polished, culturally accurate phishing messages that remove common red flags like poor grammar. They also run \u201crapport-building\u201d phishing, holding realistic multi-step conversations to gain trust before delivering malware. <\/p>\n<p>Google reported that North Korea-linked hacker group UNC2970 used its Gemini AI model to gather intelligence on targets and support cyber operations. The company also said other threat groups now weaponize generative AI to speed up attack stages, run information operations, and even attempt model extraction attacks.<\/p>\n<p>\u201cThe North Korean government-backed actor\u00a0<strong>UNC2970<\/strong>\u00a0has consistently focused on defense targeting and impersonating corporate recruiters in their campaigns. The group used Gemini to synthesize OSINT and profile high-value targets to support campaign planning and reconnaissance.\u201d reads the report published by Google. \u201cThis actor\u2019s target profiling included searching for information on major cybersecurity and defense companies and mapping specific technical job roles and salary information.\u00a0\u201c<\/p>\n<p>Iran-linked group APT42 also used generative AI tools like Gemini to boost&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/187958\/ai\/google-state-backed-hackers-exploit-gemini-ai-for-cyber-recon-and-attacks.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>state-backed hackers exploit Gemini AI for cyber recon and attacks https:\/\/securityaffairs.com\/187958\/ai\/google-state-backed-hackers-exploit-gemini-ai-for-cyber-recon-and-attacks.html Publish Date: 2026-02-13 06:06:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":212988,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/02\/image-28.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31,35,32,25],"class_list":["post-212987","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit","tag-hacker","tag-malware","tag-phishing"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212987"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=212987"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212987\/revisions"}],"predecessor-version":[{"id":212989,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212987\/revisions\/212989"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/212988"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=212987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=212987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=212987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}