{"id":1262,"date":"2026-02-12T09:00:00","date_gmt":"2026-02-12T09:00:00","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/"},"modified":"2026-02-12T09:00:00","modified_gmt":"2026-02-12T09:00:00","slug":"state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/","title":{"rendered":"State-sponsored hackers exploit AI for advanced cyberattacks"},"content":{"rendered":"<p>State-sponsored hackers are exploiting AI to accelerate cyberattacks, with threat actors from Iran, North Korea, China, and Russia weaponising models like Google\u2019s Gemini to craft sophisticated phishing campaigns and develop malware, according to a new report from Google\u2019s Threat Intelligence Group (GTIG).<br \/>\nThe quarterly AI Threat Tracker report, released today, reveals how government-backed attackers have integrated artificial intelligence throughout the attack lifecycle \u2013 achieving productivity gains in reconnaissance, social engineering, and malware development during the final quarter of 2025.<br \/>\n\u201cFor government-backed threat actors, large language models have become essential tools for technical research, targeting, and the rapid generation of nuanced phishing lures,\u201d GTIG researchers stated in the report.<br \/>\nAI-powered reconnaissance by state-sponsored hackers targets the defence sector<br \/>\nIranian threat actor APT42 used Gemini to augment reconnaissance and targeted social engineering operations. The group misused the AI model to enumerate official email addresses for specific entities and conduct research to establish credible pretexts for approaching targets.<br \/>\nBy feeding Gemini a target\u2019s biography, APT42 crafted personas and scenarios designed to elicit engagement. 
The group also used the AI to translate between languages and better understand non-native phrases \u2013 abilities that help state-sponsored hackers bypass traditional phishing red flags like poor grammar or awkward syntax.<br \/>\nNorth Korean government-backed actor UNC2970, which focuses on defence targeting and impersonating corporate recruiters, used Gemini to synthesise open-source intelligence and profile high-value targets. The group\u2019s reconnaissance included searching for information on major cybersecurity and defence companies, mapping specific technical job roles, and gathering salary information.<br \/>\n\u201cThis activity blurs the distinction between routine professional research and malicious reconnaissance, as the actor gathers the necessary components to create tailored, high-fidelity phishing personas,\u201d GTIG noted.<br \/>\nModel extraction attacks surge<br \/>\nBeyond operational misuse, Google DeepMind and GTIG identified an increase in model extraction attempts \u2013 also known as \u201cdistillation attacks\u201d \u2013 aimed at stealing intellectual property from AI models.<br \/>\nOne campaign targeting Gemini\u2019s reasoning abilities involved over 100,000 prompts designed to coerce the model into outputting full reasoning processes. The breadth of questions suggested an attempt to replicate Gemini\u2019s reasoning ability in non-English target languages across various tasks.<br \/>\nHow model extraction attacks work to steal AI intellectual property. 
(Image: Google GTIG)<br \/>\nWhile GTIG observed no direct attacks on frontier models from advanced persistent threat actors, the team identified and disrupted frequent model extraction attacks from private sector entities globally and researchers seeking to clone proprietary logic.<br \/>\nGoogle\u2019s systems recognised these attacks in real-time and deployed defences to protect internal reasoning traces.<br \/>\nAI-integrated malware emerges<br \/>\nGTIG observed malware samples, tracked as HONESTCUE, that use Gemini\u2019s API to outsource functionality generation. The malware is designed to undermine traditional network-based detection and static analysis through a multi-layered obfuscation approach.<br \/>\nHONESTCUE functions as a downloader and launcher framework that sends prompts via Gemini\u2019s API and receives C# source code as responses. The fileless secondary stage compiles and executes payloads directly in memory, leaving no artefacts on disk.<br \/>\nHONESTCUE malware\u2019s two-stage attack process using Gemini\u2019s API. (Image: Google GTIG)<br \/>\nSeparately, GTIG identified COINBAIT, a phishing kit whose construction was likely accelerated by AI code generation tools. 
The kit, which masquerades as a major cryptocurrency exchange for credential harvesting, was built using the AI-powered platform Lovable AI.<br \/>\nClickFix campaigns abuse AI chat platforms<br \/>\nIn a novel social engineering campaign first observed in December 2025, Google saw threat actors abuse the public sharing features of generative AI services \u2013 including Gemini, ChatGPT, Copilot, DeepSeek, and Grok \u2013 to host deceptive content distributing ATOMIC malware targeting macOS systems.<br \/>\nAttackers manipulated AI models to create realistic-looking instructions for common computer tasks, embedding malicious command-line scripts as the \u201csolution.\u201d By creating shareable links to these AI chat transcripts, threat actors used trusted domains to host their initial attack stage.<br \/>\nThe three-stage ClickFix attack chain exploiting AI chat platforms. (Image: Google GTIG)<br \/>\nUnderground marketplace thrives on stolen API keys<br \/>\nGTIG\u2019s observations of English and Russian-language underground forums indicate a persistent demand for AI-enabled tools and services. However, state-sponsored hackers and cybercriminals struggle to develop custom AI models, instead relying on mature commercial products accessed through stolen credentials.<br \/>\nOne toolkit, \u201cXanthorox,\u201d advertised itself as a custom AI for autonomous malware generation and phishing campaign development. GTIG\u2019s investigation revealed Xanthorox was not a bespoke model but actually powered by several commercial AI products, including Gemini, accessed through stolen API keys.<br \/>\nGoogle\u2019s response and mitigations<br \/>\nGoogle has taken action against identified threat actors by disabling accounts and assets associated with malicious activity. 
The company has also applied intelligence to strengthen both classifiers and models, letting them refuse assistance with similar attacks moving forward.<br \/>\n\u201cWe are committed to developing AI boldly and responsibly, which means taking proactive steps to disrupt malicious activity by disabling the projects and accounts associated with bad actors, while continuously improving our models to make them less susceptible to misuse,\u201d the report stated.<br \/>\nGTIG emphasised that despite these developments, no APT or information operations actors have achieved breakthrough abilities that fundamentally alter the threat landscape.<br \/>\nThe findings underscore the evolving role of AI in cybersecurity, as both defenders and attackers race to use the technology\u2019s abilities.<br \/>\nFor enterprise security teams, particularly in the Asia-Pacific region where Chinese and North Korean state-sponsored hackers remain active, the report serves as an important reminder to enhance defences against AI-augmented social engineering and reconnaissance operations.<br \/>\n(Photo by SCARECROW artworks)<br \/>\n
The post State-sponsored hackers exploit AI for advanced cyberattacks appeared first on AI News.<\/p>\n","protected":false},"excerpt":{"rendered":"<div>\n<p>State-sponsored hackers are exploiting AI to accelerate cyberattacks, with threat actors from Iran, North Korea, China, and Russia weaponising models like Google\u2019s Gemini to craft sophisticated phishing campaigns and develop malware, according to a new report from Google\u2019s Threat Intelligence Group (GTIG). The quarterly AI Threat Tracker report, released today, reveals how government-backed attackers have [\u2026]<\/p>\n<p>The post <a href=\"https:\/\/www.artificialintelligence-news.com\/news\/state-sponsored-hackers-ai-cyberattacks-google\/\">State-sponsored hackers exploit AI for advanced cyberattacks<\/a> appeared first on <a href=\"https:\/\/www.artificialintelligence-news.com\/\">AI News<\/a>.<\/p>\n<\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[4,1,90,649,46,438],"tags":[3],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-ai","category-ai-and-ml","category-cybersecurity","category-cybersecurity-ai","category-google","category-human-ai-relationships","tag-ai"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>State-sponsored hackers exploit AI for advanced cyberattacks - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, 
max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"State-sponsored hackers exploit AI for advanced cyberattacks - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"State-sponsored hackers are exploiting AI to accelerate cyberattacks, with threat actors from Iran, North Korea, China, and Russia weaponising models like Google\u2019s Gemini to craft sophisticated phishing campaigns and develop malware, according to a new report from Google\u2019s Threat Intelligence Group (GTIG). The quarterly AI Threat Tracker report, released today, reveals how government-backed attackers have [\u2026] The post State-sponsored hackers exploit AI for advanced cyberattacks appeared first on AI News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-12T09:00:00+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"State-sponsored hackers exploit AI for advanced cyberattacks\",\"datePublished\":\"2026-02-12T09:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/\"},\"wordCount\":989,\"keywords\":[\"AI\"],\"articleSection\":[\"AI\",\"AI and ML\",\"Cybersecurity\",\"Cybersecurity AI\",\"Google\",\"Human-AI Relationships\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/\",\"name\":\"State-sponsored hackers exploit AI for advanced cyberattacks - Imperative Business Ventures 
Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"datePublished\":\"2026-02-12T09:00:00+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"State-sponsored hackers exploit AI for advanced cyberattacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures 
Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"State-sponsored hackers exploit AI for advanced cyberattacks - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/","og_locale":"en_US","og_type":"article","og_title":"State-sponsored hackers exploit AI for advanced cyberattacks - Imperative Business Ventures Limited","og_description":"State-sponsored hackers are exploiting AI to accelerate cyberattacks, with threat actors from Iran, North Korea, China, and Russia weaponising models like Google\u2019s Gemini to craft sophisticated phishing campaigns and develop malware, according to a new report from Google\u2019s Threat Intelligence Group (GTIG). 
The quarterly AI Threat Tracker report, released today, reveals how government-backed attackers have [\u2026] The post State-sponsored hackers exploit AI for advanced cyberattacks appeared first on AI News.","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-02-12T09:00:00+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"State-sponsored hackers exploit AI for advanced cyberattacks","datePublished":"2026-02-12T09:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/"},"wordCount":989,"keywords":["AI"],"articleSection":["AI","AI and ML","Cybersecurity","Cybersecurity AI","Google","Human-AI Relationships"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/","name":"State-sponsored hackers exploit AI for advanced cyberattacks - Imperative Business Ventures 
Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"datePublished":"2026-02-12T09:00:00+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/12\/state-sponsored-hackers-exploit-ai-for-advanced-cyberattacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"State-sponsored hackers exploit AI for advanced cyberattacks"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures 
Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}