Google Reports Widespread Misuse Of Gemini AI
Once an emerging technology is found to be useful for cyber attacks, hackers will swiftly add it to their toolbox. Now, nation-state threat actors are using Google’s generative AI tool, Gemini, to carry out malicious activities.
Indeed, Google has identified Advanced Persistent Threat (APT) groups from more than 20 nations who are busy using Gemini.
Google’s Threat Intelligence Group (GTIG) reports that Iran is the leading nation-state actor using Gemini for hacking, espionage and information warfare.
According to GTIG’s 2025 report, Iranian government-backed hackers account for 75% of all identified malicious uses of Gemini, much higher than the other state actors, including China, Russia, and North Korea.
Google’s report says that over at least 10 Iranian cyber groups have used Gemini for a range of hostile activities, including phishing campaigns, reconnaissance of defence organisations, vulnerability research, and social engineering tactics. Amongst these groups is APT42, a well-documented and very active espionage group, whom Google assess to have contributes to almost a third Iran’s AI cyber threats.
APT42 has primarily used Gemini for creating phishing emails, conducting reconnaissance on defence related issues, and generating cyber security content.
Iranian (APT) actors also exploited Gemini to research ways to extract sensitive data from Android devices, including SMS messages, account credentials, and social media contacts. The AI tool was also used for developing and debugging malware, modifying assembly code, and researching publicly known vulnerabilities.
Beyond cyber attacks, Iranian state-affiliated actors have also used Gemini to manipulate information and conduct influence operations online. Iran-based groups have accounted for 75% of all AI-assisted disinformation activity, using Gemini for content creation, translation, localisation, and propaganda dissemination.
According to GTIG, Iranian threat actors have been engaged in “generating articles, rewriting text with specific political tones, and optimising content for maximum reach.”
Some groups have used SEO-optimised content to manipulate search rankings, while others asked Gemini to craft headline-grabbing video descriptions and hashtags promoting pro-regime narratives.
Google’s findings also found that Iranian hackers used Gemini to get intelligence on military targets and warfare technologies. In one case, APT42 sought AI-assisted explanations on US aerospace defence systems, researched Israeli missile defence mechanisms and anti-drone technologies. Additionally, other Iranian groups explored satellite jamming techniques and electronic warfare methods.
According to the report, Iranian actors have exhibited the broadest and most aggressive use of AI for cyber attacks, suggesting that Iran is increasing its reliance on AI to expand its cyber warfare capabilities and online disinformation campaigns.
Google | NCRI | Fortune | Computer Weekly | InfoSecurity Magazine | Tech Target |
Image: @SolGeminiAi
You Might Also Read:
Iranian Hacking Group Deploys Customised Spyware:
If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible
