Google Gemini AI used by more than 40 state-sponsored advanced persistent threat actors (APTs)!
SCWorld.com reported that “Google’s Threat Intelligence Group (GTIG) revealed the use of Google’s Gemini AI tools by more than 40 state-sponsored advanced persistent threat actors (APTs) from Iran, China, North Korea, Russia and at least 16 other countries.” The February 3, 2025 article, entitled “Google reveals Gemini AI use by more than 40 state-sponsored APTs” (https://tinyurl.com/7e7pz4t6), included these comments:
Threat actors used the Gemini large language model (LLM) to support activities in every phase of the attack life cycle, the GTIG said in a blog post last week, but this use only resulted in “productivity gains” rather than the development of “novel capabilities,” the researchers noted.
The finding is consistent with a report by Microsoft and OpenAI last year that found that Iranian, Chinese, North Korean and Russian state-sponsored actors used ChatGPT in a limited and experimental manner for tasks such as scripting and phishing help, vulnerability research, target reconnaissance and help with post-exploitation activities.
Iranian threat actors were the most prolific adversarial users of Gemini for hacking activity and influence operations, according to Google’s report, while Russian threat actors were noted to make limited use of the AI tool.
North Korean threat actors used Gemini for activities consistent with the North Korean government’s ongoing IT worker campaign, including reconnaissance on international companies, searches for job listings and generation of work proposals and cover letters, in addition to seeking assistance with malware development, post-compromise activity and other research.
More than 20 China-backed groups also used Gemini in attempts to streamline their hacking activities, including by seeking information on U.S. critical infrastructure, vulnerabilities, Windows exploits and methods for lateral movement across compromised systems.
Given Google usage, this is not a surprise!