Hackers Turn AI Into an Attack Assistant From Recon to Exfiltration
Government-backed groups and cybercriminals are now using generative AI to accelerate intrusion workflows.
Global
State-aligned operators from China, Iran, North Korea, and Russia have begun integrating Gemini into daily offensive activity, according to findings from the Google Threat Intelligence Group.
Researchers observed adversaries using the model across the full lifecycle of an attack. These stages included reconnaissance, phishing development, exploit research, malware troubleshooting, and even command-and-control preparation.
While AI did not magically create new superpowers, it significantly reduced effort and increased speed.
How Threat Actors Are Using AI
Investigators tracked multiple groups, including:
- APT31
- APT42
- UNC2970
Chinese operators experimented with scenario-based prompts. They asked the model to automate vulnerability analysis and generate testing approaches against specific foreign targets.
Other actors used Gemini to refine malicious code, translate material, and understand exploitation paths. Iranian teams in particular leveraged it to craft persuasive social engineering content and accelerate custom tooling.
AI as a Malware Development Helper
Google’s researchers also linked generative AI assistance to upgrades in existing malware ecosystems.
One example involved HonestCue, a framework that uses the Gemini API to generate C# components for second-stage payloads. The malware then compiles and runs them in memory.
Another case featured CoinBait, which mimics cryptocurrency services to harvest credentials. Artifacts inside the kit suggested developers relied on AI coding platforms during construction.
In some samples, analysts found developer notes and structured logging patterns that hinted at automated assistance.
ClickFix Campaigns Go AI-Assisted
Cybercriminal groups also adopted AI services for ClickFix-style operations. Victims searching for troubleshooting advice encountered malicious ads. The prompts then guided them into executing harmful commands, which ultimately delivered infostealers.
Because users perform the actions themselves, defenders often see legitimate behavior rather than a classic exploit chain.
Model Theft Becomes the Next Battlefield
Beyond operational misuse, Google identified large-scale attempts to replicate the reasoning capabilities of Gemini.
Attackers submitted tens of thousands of carefully structured prompts. They aimed to mirror how the system responded across languages and tasks. Researchers describe this approach as model extraction followed by knowledge distillation.
While it may not directly harm end users today, it threatens the economics and intellectual property behind AI services.
Google’s Response
Google has already disabled infrastructure and accounts connected to abuse. Engineers also strengthened detection layers within Gemini to limit malicious workflows.
The company continues to test safety guardrails and adapt protections as adversaries refine their prompting techniques.
Strategic Reality for Defenders
AI lowers the barrier to entry and compresses preparation time. It helps inexperienced actors produce convincing lures while allowing advanced groups to move faster.
However, defenders can use the same acceleration for detection, enrichment, and response.
The contest is no longer about who has AI. It is about who uses it better.