Google Reports Widespread Misuse Of Gemini AI

Once an emerging technology is found to be useful for cyber attacks, hackers will swiftly add it to their toolbox. Now, nation-state threat actors are using Google’s generative AI tool, Gemini, to carry out malicious activities.

Indeed, Google has identified Advanced Persistent Threat (APT) groups from more than 20 nations that are using Gemini.

Google’s Threat Intelligence Group (GTIG) reports that Iran is the leading nation-state actor using Gemini for hacking, espionage and information warfare.

According to GTIG’s 2025 report, Iranian government-backed hackers account for 75% of all identified malicious uses of Gemini, much higher than the other state actors, including China, Russia, and North Korea.

Google’s report says that over 10 Iranian cyber groups have used Gemini for a range of hostile activities, including phishing campaigns, reconnaissance of defence organisations, vulnerability research, and social engineering tactics. Amongst these groups is APT42, a well-documented and very active espionage group, which Google assesses to have contributed to almost a third of Iran’s AI cyber threats.

APT42 has primarily used Gemini for creating phishing emails, conducting reconnaissance on defence-related issues, and generating cyber security content.

Iranian APT actors also exploited Gemini to research ways to extract sensitive data from Android devices, including SMS messages, account credentials, and social media contacts. The AI tool was also used for developing and debugging malware, modifying assembly code, and researching publicly known vulnerabilities.

Beyond cyber attacks, Iranian state-affiliated actors have also used Gemini to manipulate information and conduct influence operations online. Iran-based groups have accounted for 75% of all AI-assisted disinformation activity, using Gemini for content creation, translation, localisation, and propaganda dissemination.

According to GTIG, Iranian threat actors have been engaged in “generating articles, rewriting text with specific political tones, and optimising content for maximum reach.”

Some groups have used SEO-optimised content to manipulate search rankings, while others asked Gemini to craft headline-grabbing video descriptions and hashtags promoting pro-regime narratives. 

Google also found that Iranian hackers used Gemini to get intelligence on military targets and warfare technologies. In one case, APT42 sought AI-assisted explanations of US aerospace defence systems and researched Israeli missile defence mechanisms and anti-drone technologies. Additionally, other Iranian groups explored satellite jamming techniques and electronic warfare methods.

According to the report, Iranian actors have exhibited the broadest and most aggressive use of AI for cyber attacks, suggesting that Iran is increasing its reliance on AI to expand its cyber warfare capabilities and online disinformation campaigns.

Google | NCRI | Fortune | Computer Weekly | InfoSecurity Magazine | Tech Target | Bleeping Computer
