Google Reports Widespread Misuse Of Gemini AI

Uploaded on 2025-02-07 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

Once an emerging technology is found to be useful for cyber attacks, hackers will swiftly add it to their toolbox. Now, nation-state threat actors are using Google’s generative AI tool, Gemini, to carry out malicious activities.

Indeed,  Google has identified Advanced Persistent Threat (APT) groups from more than 20 nations who are busy using Gemini. 

Google’s Threat Intelligence Group (GTIG) reports that Iran is the leading nation-state actor using Gemini for hacking, espionage and information warfare.

According to GTIG’s 2025 report, Iranian government-backed hackers account for 75% of all identified malicious uses of Gemini, much higher than the other state actors, including China, Russia, and North Korea.

Google’s report says that over at least 10 Iranian cyber groups have used Gemini for a range of hostile activities, including phishing campaigns, reconnaissance of defence organisations, vulnerability research, and social engineering tactics. Amongst these groups is APT42, a well-documented and very active espionage group, whom Google assess to have contributes to almost a third Iran’s AI cyber threats.  

APT42 has primarily used Gemini for creating phishing emails, conducting reconnaissance on defence related issues, and generating cyber security content.

Iranian (APT) actors also exploited Gemini to research ways to extract sensitive data from Android devices, including SMS messages, account credentials, and social media contacts. The AI tool was also used for developing and debugging malware, modifying assembly code, and researching publicly known vulnerabilities.

Beyond cyber attacks, Iranian state-affiliated actors have also used Gemini to manipulate information and conduct influence operations online.  Iran-based  groups have accounted for 75% of all AI-assisted disinformation activity, using Gemini for content creation, translation, localisation, and propaganda dissemination.

According to GTIG, Iranian threat actors have been engaged in “generating articles, rewriting text with specific political tones, and optimising content for maximum reach.”  

Some groups have used SEO-optimised content to manipulate search rankings, while others asked Gemini to craft headline-grabbing video descriptions and hashtags promoting pro-regime narratives. 

Google’s findings also found that Iranian hackers used Gemini to get intelligence on military targets and warfare technologies. In one case, APT42 sought AI-assisted explanations on US aerospace defence systems, researched Israeli missile defence mechanisms and anti-drone technologies. Additionally, other Iranian groups explored satellite jamming techniques and electronic warfare methods.

According to the report, Iranian actors have exhibited the broadest and most aggressive use of AI for cyber attacks, suggesting that Iran is increasing its reliance on AI to expand its cyber warfare capabilities and online disinformation campaigns.

Google     |   NCRI   |   Fortune   |   Computer Weekly   |   InfoSecurity Magazine   |   Tech Target     |    

Bleeping Computer

Image: @SolGeminiAi

You Might Also Read: 

Iranian Hacking Group Deploys Customised Spyware:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« File Transfers Can Be The Weakest Link
Australia Bans DeepSeek In Government Networks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

DoD Cyber Crime Center (DC3)

DoD Cyber Crime Center (DC3)

DC3 is a US Department of Defense (DoD) center of excellence for Digital and Multimedia forensics.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

Information Security Research Group - University of South Wales

Information Security Research Group - University of South Wales

The Information Security Research Group has an international reputation in the areas of network security, computer forensics and threat analysis.

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

Sky Data Vault

Sky Data Vault

Sky Data Vault provide the simplest and most cost effective method of Disaster Recovery / Business Continuity for mission critical systems and applications.

Basque Digital Innovation Hub (BDIH)

Basque Digital Innovation Hub (BDIH)

The aim of the BDIH initiative is to provide industrial enterprises, especially SMEs, with the technological capabilities needed to meet the challenges of industry 4.0.

Digital Fingerprints

Digital Fingerprints

Digital Fingerprints provides continuous authentication with behavioural biometrics. Protection against account takeover and session takeover. Compliant with GDPR and PSD2.

BullGuard

BullGuard

BullGuard is an award-winning cybersecurity company focused on providing the consumer and small business markets with the confidence to use the internet in absolute safety.

Crosspoint Capital Partners

Crosspoint Capital Partners

Crosspoint Capital Partners is a private equity investment firm focused on the cybersecurity and privacy sectors.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

Strata Identity

Strata Identity

Strata is pioneering identity orchestration to unify on-premises and cloud-based authentication and access systems for consistent identity management in multi-cloud environments.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.

CESAR

CESAR

CESAR is one of the premier R+D and innovation centers in Brazil and a designated Cybersecurity Competence Center.

XeneX

XeneX

XeneX Cloud Security Services address enterprise-class security challenges by enabling DevOps and Security teams to access a shared source of truth.