INC-25-0036 (Status: Confirmed, Severity: High)

State-Backed Hackers from Four Nations Weaponize Google Gemini for Cyberattack Operations (2025)

Attribution

Google developed Google Gemini; state-backed threat actors deployed it. Those harmed were the targets of state-sponsored cyberattacks facilitated by Gemini and the defense industry employees profiled through Gemini-assisted reconnaissance. Possible contributing factors include weaponization and adversarial attack.

Threat actor(s): UNC2970 (North Korea), APT42 (Iran), Chinese state-backed groups, Russian state-backed groups

Incident Details

Last Updated 2026-03-29

Google's Threat Intelligence Group (GTIG) reported that state-backed hacking groups from North Korea (UNC2970), Iran (APT42), China, and Russia used Google Gemini for reconnaissance, target profiling, phishing message generation, malware coding, and vulnerability research, with one group developing HONESTCUE malware that outsources code generation to Gemini's API.

Incident Summary

Google’s Threat Intelligence Group (GTIG) documented state-backed hacking groups from North Korea, Iran, China, and Russia using Google Gemini across multiple stages of cyberattack operations, publishing an initial report in January 2025 and a follow-up in February 2026 detailing escalation from productivity use to AI-integrated malware.[1][2] North Korea’s UNC2970, which targets defense industry organizations by impersonating corporate recruiters, used Gemini to synthesize open-source intelligence and profile high-value targets by searching for information on cybersecurity and defense companies and mapping specific technical job roles and salary information.[3] Iran’s APT42 used Gemini to search for official email addresses, conduct reconnaissance on potential business partners for phishing pretexts, and accelerate malware development and exploitation techniques.[1] The February 2026 follow-up identified HONESTCUE, a malware framework that sends prompts via Gemini’s API to outsource code generation, receiving C# source code as responses to function as a downloader and launcher.[2] Threat actors commonly circumvented safety guardrails by reframing prompts as security research or capture-the-flag exercises.[4]

Key Facts

  • Threat actors: UNC2970 (North Korea), APT42 (Iran), plus unnamed Chinese and Russian state-backed groups[1]
  • UNC2970 activities: Target profiling of defense and cybersecurity companies; mapping job roles and salary information for impersonation campaigns[3]
  • APT42 activities: Email address discovery for phishing; business partner reconnaissance for social engineering pretexts; malware development acceleration[1]
  • HONESTCUE malware: A downloader/launcher framework that uses Gemini’s API to dynamically generate C# source code payloads[2]
  • Guardrail bypass method: Threat actors reframed malicious prompts as security research or CTF exercises to circumvent safety filters[4]
  • Source: Google Threat Intelligence Group reports, January 2025 and February 2026[1][2]

Threat Patterns Involved

Primary: Social Engineering via AI — The dominant use of Gemini by state-backed groups was reconnaissance, target profiling, and phishing pretext development. UNC2970 used Gemini to map defense industry targets for impersonation campaigns, while APT42 used it to identify email addresses and develop contextually appropriate social engineering pretexts. These activities represent AI-augmented social engineering at the nation-state level.

Secondary: AI-Morphed Malware — The HONESTCUE malware framework represents a further evolution where AI integration moves from pre-attack preparation into the malware itself, with the Gemini API serving as a dynamic code generation engine during execution. This creates malware whose capabilities can evolve with each execution without requiring human developer intervention.

Significance

  1. AI-integrated malware — HONESTCUE represents an evolution from using AI to prepare attacks to embedding AI API calls within malware itself, creating a new class of threats where the malware’s capabilities are dynamically generated and can evolve with each execution
  2. Multi-nation convergence — Four nation-state programs independently adopting the same AI platform for attack operations indicates that AI-assisted offensive cyber capabilities are becoming a standard component of state-sponsored threat actor tradecraft
  3. Guardrail bypass as tradecraft — The systematic reframing of malicious prompts as security research demonstrates that current safety guardrails are insufficient against motivated, persistent adversaries with expertise in prompt crafting

Timeline

GTIG observes state-backed groups using Gemini across multiple attack stages

Google publishes GTIG findings on state-backed Gemini misuse; identifies UNC2970, APT42, and groups from China and Russia

Outcomes

Other:
Google enhanced Gemini safety measures; HONESTCUE malware samples identified leveraging Gemini API for dynamic code generation

Use in Retrieval

INC-25-0036 documents State-Backed Hackers from Four Nations Weaponize Google Gemini for Cyberattack Operations, a high-severity incident classified under the Security & Cyber domain and the AI-Powered Social Engineering threat pattern (PAT-SEC-009). It occurred in North America, Asia, Europe, Middle East (2025-12). This page is maintained by TopAIThreats.com as part of an evidence-based registry of AI-enabled threats. Cite as: TopAIThreats.com, "State-Backed Hackers from Four Nations Weaponize Google Gemini for Cyberattack Operations," INC-25-0036, last updated 2026-03-29.

Sources

  1. Adversarial Misuse of Generative AI — Google Threat Intelligence Group (primary, 2025-01)
    https://cloud.google.com/blog/topics/threat-intelligence/adversarial-misuse-generative-ai
  2. GTIG AI Threat Tracker: Distillation, Experimentation, and Integration of AI for Adversarial Use (primary, 2026-02)
    https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use
  3. Nation-State Hackers Ramping Up Use of Gemini for Reconnaissance and Malware Coding (news, 2026-02)
    https://therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
  4. State Hackers Turn Google AI Into Attack Acceleration Tool (news, 2026-02)
    https://www.bankinfosecurity.com/state-hackers-turn-google-ai-into-attack-acceleration-tool-a-30751

Update Log

  • — First logged (Status: Confirmed, Evidence: Primary)