{"id":215082,"date":"2026-02-12T02:00:00","date_gmt":"2026-02-12T07:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/12\/google-says-hackers-are-abusing-gemini-ai-for-all-attacks-stages\/"},"modified":"2026-02-18T20:05:12","modified_gmt":"2026-02-19T01:05:12","slug":"google-says-hackers-are-abusing-gemini-ai-for-all-attacks-stages","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/12\/google-says-hackers-are-abusing-gemini-ai-for-all-attacks-stages\/","title":{"rendered":"Google says hackers are abusing Gemini AI for all attacks stages"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-says-hackers-are-abusing-gemini-ai-for-all-attacks-stages\/\">Google says hackers are abusing Gemini AI for all attacks stages<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-says-hackers-are-abusing-gemini-ai-for-all-attacks-stages\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/google-says-hackers-are-abusing-gemini-ai-for-all-attacks-stages\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-12 02:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>State-backed hackers\u00a0are using Google&#8217;s Gemini AI model to support all\u00a0stages of an attack, from reconnaissance to post-compromise actions.<\/p>\n<p>Bad actors from China (APT31, Temp.HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and open-source intelligence, generating phishing lures, translating text, coding, vulnerability testing, and troubleshooting.<\/p>\n<p>Cybercriminals are also showing increased interest in AI tools and services that could help in illegal activities, such as social engineering ClickFix campaigns.<\/p>\n<p> <img decoding=\"async\" src=\"https:\/\/www.bleepstatic.com\/c\/w\/ai-security-board-report-template.jpg\" alt=\"Wiz\" style=\"margin-top: 0px;\"\/><\/p>\n<h3>AI-enhanced malicious activity<\/h3>\n<p>The Google Threat Intelligence Group (GTIG) notes in a report today that APT adversaries use Gemini to support their campaigns &#8220;from\u00a0reconnaissance and phishing lure creation to command and control\u00a0 (C2) development and data\u00a0exfiltration.&#8221;<\/p>\n<p>Chinese threat actors employed an expert cybersecurity persona to request that Gemini automate vulnerability analysis and provide targeted testing plans in the context of a fabricated scenario.<\/p>\n<p>\u201cThe PRC-based threat actor fabricated a scenario, in one case trialing Hexstrike MCP tooling, and directing the model to analyze Remote Code Execution (RCE), WAF bypass techniques, and SQL injection test results against specific US-based targets,\u201d Google says.<\/p>\n<p>Another China-based actor frequently employed Gemini to fix their code, carry out research, and provide advice on technical capabilities for intrusions.<\/p>\n<p>The Iranian adversary APT42 leveraged Google&#8217;s LLM for social engineering campaigns, as a development platform to speed up the creation of tailored malicious tools (debugging, code generation, and researching exploitation techniques).<\/p>\n<p>Additional threat actor abuse was observed for\u00a0implementing new capabilities into existing malware families, including the CoinBait phishing kit and the HonestCue malware downloader and launcher.<\/p>\n<p>GTIG notes that no major breakthroughs have occurred in that respect, though the tech giant&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-says-hackers-are-abusing-gemini-ai-for-all-attacks-stages\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google says hackers are abusing Gemini AI for all attacks stages https:\/\/www.bleepingcomputer.com\/news\/security\/google-says-hackers-are-abusing-gemini-ai-for-all-attacks-stages\/ Publish Date: 2026-02-12&#8230;<\/p>\n","protected":false},"author":1,"featured_media":215083,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2026\/02\/11\/ai-extract.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,17,32,25,34,27],"class_list":["post-215082","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-llm","tag-malware","tag-phishing","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215082"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=215082"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215082\/revisions"}],"predecessor-version":[{"id":215084,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215082\/revisions\/215084"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/215083"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=215082"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=215082"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=215082"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}