Google Reports Widespread Misuse Of Gemini AI

Uploaded on 2025-02-07 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

Once an emerging technology is found to be useful for cyber attacks, hackers will swiftly add it to their toolbox. Now, nation-state threat actors are using Google’s generative AI tool, Gemini, to carry out malicious activities.

Indeed,  Google has identified Advanced Persistent Threat (APT) groups from more than 20 nations who are busy using Gemini. 

Google’s Threat Intelligence Group (GTIG) reports that Iran is the leading nation-state actor using Gemini for hacking, espionage and information warfare.

According to GTIG’s 2025 report, Iranian government-backed hackers account for 75% of all identified malicious uses of Gemini, much higher than the other state actors, including China, Russia, and North Korea.

Google’s report says that over at least 10 Iranian cyber groups have used Gemini for a range of hostile activities, including phishing campaigns, reconnaissance of defence organisations, vulnerability research, and social engineering tactics. Amongst these groups is APT42, a well-documented and very active espionage group, whom Google assess to have contributes to almost a third Iran’s AI cyber threats.  

APT42 has primarily used Gemini for creating phishing emails, conducting reconnaissance on defence related issues, and generating cyber security content.

Iranian (APT) actors also exploited Gemini to research ways to extract sensitive data from Android devices, including SMS messages, account credentials, and social media contacts. The AI tool was also used for developing and debugging malware, modifying assembly code, and researching publicly known vulnerabilities.

Beyond cyber attacks, Iranian state-affiliated actors have also used Gemini to manipulate information and conduct influence operations online.  Iran-based  groups have accounted for 75% of all AI-assisted disinformation activity, using Gemini for content creation, translation, localisation, and propaganda dissemination.

According to GTIG, Iranian threat actors have been engaged in “generating articles, rewriting text with specific political tones, and optimising content for maximum reach.”  

Some groups have used SEO-optimised content to manipulate search rankings, while others asked Gemini to craft headline-grabbing video descriptions and hashtags promoting pro-regime narratives. 

Google’s findings also found that Iranian hackers used Gemini to get intelligence on military targets and warfare technologies. In one case, APT42 sought AI-assisted explanations on US aerospace defence systems, researched Israeli missile defence mechanisms and anti-drone technologies. Additionally, other Iranian groups explored satellite jamming techniques and electronic warfare methods.

According to the report, Iranian actors have exhibited the broadest and most aggressive use of AI for cyber attacks, suggesting that Iran is increasing its reliance on AI to expand its cyber warfare capabilities and online disinformation campaigns.

Google     |   NCRI   |   Fortune   |   Computer Weekly   |   InfoSecurity Magazine   |   Tech Target     |    

Bleeping Computer

Image: @SolGeminiAi

You Might Also Read: 

Iranian Hacking Group Deploys Customised Spyware:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« File Transfers Can Be The Weakest Link
Ransomware Attack on Tata Tech »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ESET

ESET

ESET provide security software for enterprises and consumers - Antivirus Software, Internet Security and Virus Protection.

SEWORKS

SEWORKS

SEWORKS provides offensive and defensive app security that ensures mobile and web apps are safe from dangerous hacking threats.

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) is the Directorate of MCIT responsible for the security of critical information infrastructures in Afghanistan.

IPQualityScore (IPQS)

IPQualityScore (IPQS)

IPQS anti-fraud tools provide a real-time fraud score to analyze how likely a user or visitor is to engage in fraudulent behavior.

Irish National Accreditation Board (INAB)

Irish National Accreditation Board (INAB)

INAB is the national accreditation body for Ireland. The directory of members provides details of organisations offering certification services for ISO 27001.

ITRecycla

ITRecycla

ITRecycla are specialists in the protection of sensitive computer data by data destruction, re-marketing of reusable computer equipment, computer recycling and disposing of electronic e-waste.

ECOLUX

ECOLUX

ECOLUX is a professional IoT security service company committed to developing world-leading “IoT Lifecycle Security” technologies and products.

Field Effect Software

Field Effect Software

Field Effect Software build sophisticated and integrated IT security, threat surface reduction, training and simulation capabilities for enterprises and small businesses.

Wabbi

Wabbi

Wabbi’s continuous security platform centralizes, automates and orchestrates security governance and vulnerability management to empower development teams to own appsec.

Zuul IoT

Zuul IoT

Zuul take an asset-centric approach to OT security, enabling security teams to protect the critical IIoT/IoT devices that are at the foundation of critical business functions.

Visory

Visory

Great businesses depend on great technology. We make sure our clients go to market with enterprise-level technology and world-class security for their data and infrastructure.

Single Point of Contact

Single Point of Contact

Single Point of Contact is a Managed IT Services provider that helps businesses to achieve a seamless and secure IT environment.

Salus Cyber

Salus Cyber

Salus is a provider of world-class cyber security services, enabling our clients to identify and manage their cyber risks proactively and effectively.

FutureRange

FutureRange

Specialising in IT Managed Services, Cybersecurity and Digital Transformation, FutureRange experts provide professional IT services for clients throughout Ireland and beyond.

Thoropass

Thoropass

Thoropass (formerly Laika) helps you get and stay compliant with smart software and expert services.

Huntr

Huntr

Huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications.