Google said a North Korea-linked hacking group used its Gemini AI model to accelerate reconnaissance and target profiling, underscoring growing reliance on generative AI by state-backed actors. The threat cluster known as UNC2970, which overlaps with Lazarus Group, tapped Gemini to synthesize open-source intelligence, build tailored phishing personas, and identify soft targets across defense and cybersecurity firms. Google also cited misuse by China- and Iran-aligned groups for vulnerability analysis, exploit troubleshooting, and social-engineering support. Separately, researchers observed malware that programmatically calls Gemini’s API to generate second-stage functionality and a phishing kit built with AI tools, while model-extraction attempts pummeled Gemini with large query sets to clone its behavior. Google said it is tightening safeguards as attackers attempt persona-based prompt workarounds, warning that AI will increase the speed and quality of cyberattacks and urging similar AI investments by defenders.