
Google Detects State-Sponsored Hackers Using AI in Cyberattacks

2026-02-14 by AICC
[Image: State-sponsored hackers using AI]

State-sponsored hackers are using advanced AI tooling to accelerate their cyberattacks, with threat actors from Iran, North Korea, China, and Russia using models like Google's Gemini to further their campaigns. According to a new report from Google's Threat Intelligence Group (GTIG), they are using these tools to craft sophisticated phishing campaigns and develop malware.

The quarterly AI Threat Tracker report, released today, reveals how government-backed attackers have begun to use artificial intelligence across the attack lifecycle – reconnaissance, social engineering, and eventually, malware development. The findings draw on GTIG's observations during the final quarter of 2025.

"For government-backed threat actors, large language models have become essential tools for technical research, targeting, and the rapid generation of nuanced phishing lures," GTIG researchers stated in their report.

🎯 Reconnaissance by State-Sponsored Hackers Targets the Defence Sector

Iranian threat actor APT42 reportedly used Gemini to augment its reconnaissance and targeted social engineering operations. The group used the model to create official-seeming email addresses for specific entities and then conducted research to establish credible pretexts for approaching targets.

APT42 crafted personas and scenarios designed to elicit engagement from its targets, translating between languages and using natural, native phrasing that helped it avoid traditional phishing red flags such as poor grammar or awkward syntax.

North Korean government-backed actor UNC2970, which focuses on the defence sector and impersonates corporate recruiters, used Gemini to help it profile high-value targets. The group's reconnaissance included searching for information on major cybersecurity and defence companies, mapping specific technical job roles, and gathering salary information.

"This activity blurs the distinction between routine professional research and malicious reconnaissance, as the actor gathers the necessary components to create tailored, high-fidelity phishing personas," GTIG noted.

⚠️ Model Extraction Attacks Surge

The latest intelligence also reveals a significant increase in model extraction attacks, in which adversaries issue large volumes of queries to an AI model in an attempt to replicate or steal its capabilities. These operations show state-sponsored actors continuously adapting their techniques to exploit cutting-edge technologies for malicious purposes.
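The report describes model extraction only at a high level. The following added example is not code from Google or from the GTIG report; it shows one defensive check a platform operator could run over its own inference-API access logs: flagging clients whose request rate and prompt diversity look like systematic capability probing rather than interactive use. The log format, the field names `ts`, `client` and `prompt`, the client names and the thresholds are all assumptions, and the sample log is constructed inline.

```python
"""Flag API clients whose query pattern resembles model extraction.

Added example, not from the GTIG report. Assumes a hypothetical
inference-API access log with one JSON record per request holding the
fields ts (ISO-8601), client and prompt. Thresholds are illustrative.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def _make_log():
    """Build a constructed sample log (not real traffic)."""
    base = datetime(2025, 11, 3, 9, 0, tzinfo=timezone.utc)
    lines = []
    # Normal interactive user: a handful of requests, some prompts repeated.
    normal_prompts = ["summarise this memo", "translate to French",
                      "summarise this memo"]
    for i in range(6):
        lines.append(json.dumps({
            "ts": (base + timedelta(minutes=10 * i)).isoformat(),
            "client": "user-alpha",
            "prompt": normal_prompts[i % 3],
        }))
    # Suspect client: 150 distinct probe prompts in under eight minutes,
    # the shape of traffic that systematically samples a model's behaviour.
    for i in range(150):
        lines.append(json.dumps({
            "ts": (base + timedelta(seconds=3 * i)).isoformat(),
            "client": "svc-probe",
            "prompt": f"classify sample #{i}: ...",
        }))
    return lines


SAMPLE_LOG = _make_log()


def peak_window_count(times, window):
    """Largest number of events falling inside any sliding window."""
    times = sorted(times)
    best = 0
    start = 0
    for end, t in enumerate(times):
        # Advance the window start until the span fits within `window`.
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_extraction_suspects(log_lines, window=timedelta(minutes=10),
                             min_requests=100, min_unique_ratio=0.9):
    """Return a per-client summary; `flagged` marks extraction-like use.

    A client is flagged when its busiest window holds at least
    `min_requests` calls AND nearly every prompt is distinct (interactive
    users tend to repeat or refine prompts; probing traffic does not).
    """
    by_client = defaultdict(list)
    for line in log_lines:
        rec = json.loads(line)
        by_client[rec["client"]].append(
            (datetime.fromisoformat(rec["ts"]), rec["prompt"]))

    report = {}
    for client, events in by_client.items():
        times = [t for t, _ in events]
        prompts = [p for _, p in events]
        peak = peak_window_count(times, window)
        unique_ratio = len(set(prompts)) / len(prompts)
        report[client] = {
            "requests": len(events),
            "peak_window_requests": peak,
            "unique_prompt_ratio": round(unique_ratio, 2),
            "flagged": peak >= min_requests and unique_ratio >= min_unique_ratio,
        }
    return report


if __name__ == "__main__":
    for client, summary in find_extraction_suspects(SAMPLE_LOG).items():
        print(client, summary)
```

Rate alone is a weak signal (batch jobs are legitimately bursty), which is why the check also requires high prompt diversity; in production both thresholds would be tuned per API tier, and a hit should feed a review queue or rate limiter rather than an automatic block.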

Security experts warn that organizations must remain vigilant and implement robust AI security measures to defend against advanced persistent threats that leverage artificial intelligence for reconnaissance, social engineering, and malware development.