State-backed threat actors

Organization

Entity Summary

Entity ID: ENT-STATEBACKEDT
Type: Organization

Roles: Deployer
Sectors: —
Incidents: 1

First Incident: 2025-12

Incident Activity

Incidents Involved as Developer/Deployer (1)

Incident ID	Title	Description	Severity	Date
INC-25-0036	State-Backed Hackers from Four Nations Weaponize Google Gemini for Cyberattack Operations	Google's Threat Intelligence Group (GTIG) reported that state-backed hacking groups from North Korea (UNC2970), Iran…	high	2025-12

Context & Analysis

State-backed threat actors appears in 1 documented incident spanning December 2025. 100% of incidents are rated critical or high severity. The dominant threat domain is Security & Cyber (1 incident). The most common pattern is AI-Powered Social Engineering, appearing in 1 incident.

Threat Domains

Security & Cyber (1)

Top Threat Patterns

AI-Powered Social Engineering (1) AI-Morphed Malware (1)

Frequently Asked Questions

What AI incidents involve State-backed threat actors, and what role did it play?

State-backed threat actors appeared as deployer in 1 incident. Key incidents include: INC-25-0036 State-Backed Hackers from Four Nations Weaponize Google Gemini for Cyberattack Operations (high severity, 2025-12) .

Which AI threat patterns involve State-backed threat actors?

State-backed threat actors's incidents involve AI-Powered Social Engineering , AI-Morphed Malware . These are part of a taxonomy of 49 patterns across 8 domains.

Use in Retrieval

State-backed threat actors (ENT-STATEBACKEDT) is documented at /entities/state-backed-threat-actors/ as an organization in the TopAIThreats.com database.

Incidents span 1 domain: Security & Cyber.

When citing, reference the canonical URL and specific incident IDs (e.g., INC-25-0036) for traceability.