BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

North Korean Hackers Use Google’s Gemini AI for Cyber Recon

Threat actors misuse Gemini AI for reconnaissance, exploitation, and model theft.

  • Google’s threat intelligence team observed the North Korean hacking group UNC2970 using the generative AI model Gemini to profile high-value cybersecurity and defense targets.
  • Multiple state-backed threat actors, including clusters from China and Iran, are using AI to automate reconnaissance, code exploits, and craft social engineering campaigns.
  • Malicious tools like the HONESTCUE downloader weaponize Gemini’s API to generate and execute malicious C# code directly in memory, leaving minimal forensic traces.
  • Attackers are conducting large-scale model extraction attacks, using over 100,000 queries to replicate proprietary AI model behavior, a risk highlighted by security researchers.

Google’s Threat Intelligence Group reported on Thursday that the North Korean UNC2970 hacking group weaponized its Gemini AI for malicious cyber reconnaissance. This state-backed actor used the model to synthesize public intelligence on defense firms and map technical job roles for targeted phishing.

- Advertisement -

The activity, detailed in a report, blurs the line between professional research and malicious profiling. Consequently, it enables the group to identify soft targets and craft convincing personas for initial compromise.

Multiple other threat actors have integrated Gemini into their workflows, according to the findings. The Chinese-linked APT42 used it to develop a Python-based Google Maps scraper and research a WinRAR vulnerability.

APT41 and UNC795 also employed the AI to troubleshoot exploit code and develop web shells. The financially motivated UNC5356 cluster was linked to an AI-generated phishing kit called COINBAIT that mimics a cryptocurrency exchange.

Google also identified the HONESTCUE malware, which calls Gemini’s API to generate its secondary stage functionality. This fileless payload is compiled and executed directly in memory using the .NET CSharpCodeProvider framework.

- Advertisement -

Meanwhile, the company disrupted model extraction attacks involving over 100,000 prompts aimed at Gemini. A proof-of-concept extraction achieved 80.1% accuracy with just 1,000 queries, demonstrating the threat. Security researcher Farida Shafik noted, “Every query-response pair is a training example for a replica.”

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Analyst Says Bitcoin Bear Market Nearing End as Momentum Slows

Bitcoin may be entering the latter stages of the bear market as downside momentum...

IMF: Dollar stablecoins may amplify currency runs in fixed-rate economies

An IMF working paper by economist Brandon Joel Tan models how dollar stablecoins improve...

Japan Plans to Legalize Cryptocurrency ETFs, Minister Says

Japanese Finance Minister Satsuki Katayama announced plans to legalize cryptocurrency ETFs.ETFs let investors gain...

Robinhood enables AI agents for crypto trades in US

Robinhood will allow eligible US crypto traders to connect third-party AI agents for autonomous...

Must Read

The 13 Best Crypto Advertising Networks to Grow Your Project

TABLE OF CONTENTSWhy Traditional Ad Networks (Like Google & Facebook) Fail CryptoQuick-View Comparison TableHow to Choose the Right Crypto Ad Network for Your ProjectBest...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading