State-Backed Hackers Use Google’s Gemini AI for Malicious Purposes

State-backed hackers from China, Iran, North Korea, and Russia are using Google’s Gemini AI model to support various stages of their attacks. These groups employ Gemini to create phishing lures, translate text, write vulnerability-related code, and troubleshoot malware.

According to the Google Threat Intelligence Group (GTIG), APT adversaries use Gemini for reconnaissance, phishing lure creation, command and control (C2) development, and data exfiltration. Chinese threat actors used an expert cybersecurity persona to request vulnerability analysis from Gemini, while Iran’s APT42 leveraged the model for social engineering campaigns.

Malware operators are increasingly integrating AI capabilities into their toolsets, including the CoinBait phishing kit and the HonestCue malware downloader and launcher. These groups also use generative AI services in ClickFix campaigns to deliver malware.

Google has disabled accounts and infrastructure tied to documented abuse and implemented targeted defenses in Gemini’s classifiers to make abuse harder. The company designs AI systems with robust security measures and regularly tests models to improve their security and safety.

Source: https://www.bleepingcomputer.com/news/security/google-says-hackers-are-abusing-gemini-ai-for-all-attacks-stages