Google Reports Widespread Misuse Of Gemini AI

Once an emerging technology is found to be useful for cyber attacks, hackers will swiftly add it to their toolbox. Now, nation-state threat actors are using Google’s generative AI tool, Gemini, to carry out malicious activities.

Indeed, Google has identified Advanced Persistent Threat (APT) groups from more than 20 nations that are using Gemini.

Google’s Threat Intelligence Group (GTIG) reports that Iran is the leading nation-state actor using Gemini for hacking, espionage and information warfare.

According to GTIG’s 2025 report, Iranian government-backed hackers account for 75% of all identified malicious uses of Gemini, much higher than the other state actors, including China, Russia, and North Korea.

Google’s report says that at least 10 Iranian cyber groups have used Gemini for a range of hostile activities, including phishing campaigns, reconnaissance of defence organisations, vulnerability research, and social engineering tactics. Amongst these groups is APT42, a well-documented and very active espionage group, which Google assesses to have contributed to almost a third of Iran’s AI cyber threats.

APT42 has primarily used Gemini for creating phishing emails, conducting reconnaissance on defence-related issues, and generating cyber security content.

Iranian APT actors also exploited Gemini to research ways to extract sensitive data from Android devices, including SMS messages, account credentials, and social media contacts. The AI tool was also used for developing and debugging malware, modifying assembly code, and researching publicly known vulnerabilities.

Beyond cyber attacks, Iranian state-affiliated actors have also used Gemini to manipulate information and conduct influence operations online. Iran-based groups have accounted for 75% of all AI-assisted disinformation activity, using Gemini for content creation, translation, localisation, and propaganda dissemination.

According to GTIG, Iranian threat actors have been engaged in “generating articles, rewriting text with specific political tones, and optimising content for maximum reach.”  

Some groups have used SEO-optimised content to manipulate search rankings, while others asked Gemini to craft headline-grabbing video descriptions and hashtags promoting pro-regime narratives. 

Google also found that Iranian hackers used Gemini to get intelligence on military targets and warfare technologies. In one case, APT42 sought AI-assisted explanations on US aerospace defence systems and researched Israeli missile defence mechanisms and anti-drone technologies. Additionally, other Iranian groups explored satellite jamming techniques and electronic warfare methods.

According to the report, Iranian actors have exhibited the broadest and most aggressive use of AI for cyber attacks, suggesting that Iran is increasing its reliance on AI to expand its cyber warfare capabilities and online disinformation campaigns.

Google | NCRI | Fortune | Computer Weekly | InfoSecurity Magazine | Tech Target | Bleeping Computer
