Particle.news

Google Flags State Hackers’ Use of Gemini as It Thwarts 100,000‑Prompt Cloning Attempt

Google says it blocked related accounts, tightening Gemini safeguards after detecting APT abuse alongside large-scale model extraction.

Overview

  • Google’s Threat Intelligence Group reports that APTs from China, Iran, North Korea, and Russia used Gemini across the attack lifecycle, including reconnaissance, phishing, coding, vulnerability testing, C2 development, and data exfiltration.
  • One campaign sent more than 100,000 prompts to replicate Gemini’s reasoning, a model‑extraction effort Google describes as intellectual property theft rather than a direct user‑data risk, with suspects believed to be commercially motivated actors.
  • Google observed China‑linked APT31 prompting an expert cybersecurity persona and using Hexstrike MCP tooling to automate vulnerability analysis and generate targeted testing plans against US‑based targets, after which related accounts were disabled.
  • GTIG documented underground toolkits such as Xanthorox that advertise bespoke AIs but actually route to commercial models including Gemini, reinforcing reliance on stolen or hijacked API access in criminal ecosystems.
  • Researchers also tracked AI‑enabled tooling like the HonestCue proof‑of‑concept malware framework and the CoinBait phishing kit, and Google says it has implemented targeted classifier updates and monitoring to curb such abuse, noting no breakthrough to fully autonomous large‑scale attacks.