State-Backed Hackers Weaponize Google Gemini AI for Cyberattacks


Gemini 3.1 Pro Preview has been spotted ahead of any official announcement, but a new report highlights how attackers already exploit Google’s AI in real-world cyberattacks.

While excitement grows around the next-gen model, researchers say state-backed hackers actively use Gemini across multiple stages of intrusion campaigns.

Gemini AI used in state-backed cyber operations

According to BleepingComputer, Google’s Gemini AI model has been used by threat actors from China, Iran, North Korea, and Russia.

Google’s Threat Intelligence Group (GTIG) reports that groups such as APT31, Temp.HEX, APT42, and UNC2970 leveraged Gemini for reconnaissance, phishing, and malware development.

Attackers reportedly used Gemini for:

  • Target profiling and open-source intelligence gathering
  • Generating phishing lures and translating content
  • Writing and debugging malicious code
  • Testing vulnerabilities and troubleshooting attack tools
  • Assisting command-and-control development and data exfiltration

Chinese-linked actors allegedly automated vulnerability analysis and built testing plans using fabricated attack scenarios. In one case, Gemini analyzed remote code execution paths, WAF bypass methods, and SQL injection results targeting U.S. entities.

AI-assisted malware development detected

Iranian group APT42 reportedly used Gemini to enhance social engineering campaigns and accelerate malicious tool development.

Researchers also found evidence suggesting AI-assisted development in malware families such as CoinBait and HonestCue. Some samples contained logging messages prefixed with “Analytics:”, possibly pointing to automated or AI-driven code generation.

GTIG believes some malware may have been built using the Lovable AI platform.

Separately, cybercriminals used generative AI tools in ClickFix campaigns that distributed AMOS info-stealing malware targeting macOS systems.

Large-scale attempts to extract Gemini’s capabilities

Google also observed efforts to replicate Gemini’s behavior through model extraction techniques.

In one case, attackers used more than 100,000 prompts in an attempt to distill the model’s capabilities into alternative systems. This technique, known as knowledge distillation, allows adversaries to transfer AI behavior into new models.

Google considers this a form of intellectual property theft and a serious threat to AI-as-a-service platforms.

In response, Google disabled accounts and infrastructure linked to abuse and deployed additional safeguards.

The company says it continuously tests Gemini’s guardrails and updates classifier defenses to reduce misuse.

Meanwhile, researchers have also documented hackers abusing legitimate tools such as Outlook add-ins and SharePoint for phishing campaigns, highlighting a broader trend of weaponizing trusted platforms.
