Government-backed hackers from multiple nations are increasingly utilizing Google's Gemini artificial intelligence chatbot for various cyber operations, as revealed in a recent report by the tech giant's Threat Intelligence Group. This alarming trend underscores the dual-use potential of generative AI, which was initially created to enhance productivity but is now being exploited for malicious purposes.
Among the nations identified, Iran, China, North Korea, and Russia have emerged as key players, with Iranian groups responsible for approximately 75% of the identified misuse. These actors are engaging in activities such as vulnerability research, phishing campaign design, and digital espionage. For instance, Iranian hackers have leveraged Gemini to gather intelligence on defense agencies and craft narratives for influence operations.
Chinese state-affiliated hackers show a more systematic approach, focusing on scripting and troubleshooting tasks using Gemini. Their actions reflect broader concerns regarding the ongoing sophistication of Chinese cyber activities, particularly recent attacks targeting U.S. critical infrastructure. Meanwhile, North Korean hackers have taken a distinct approach by employing Gemini to support covert infiltration of Western companies, disguising themselves as legitimate IT workers.