State-Sponsored Hackers Exploiting Google Gemini AI: Shocking Tactics Revealed! (2025)

State-Sponsored Cyber Threats: A Deep Dive into AI Misuse

State-sponsored threat actors from China, Iran, Russia, and North Korea have been exploiting Google's Gemini AI in 2025, showcasing a concerning trend in the misuse of artificial intelligence for malicious purposes. Despite Google's efforts to detect and prevent such activities, these actors have found ways to leverage Gemini's capabilities across various stages of their attack campaigns.

Google's Threat Intelligence Group (GTIG) released a comprehensive report, 'AI Threat Tracker: Advances in Threat Actor Usage of AI Tools', detailing these findings. The report highlights how adversaries are moving beyond using AI for productivity, instead employing it for nefarious activities.

Technical Insights and Countermeasures

Google's security measures for Gemini AI trigger safety responses when threat actors request assistance with malicious activities. However, these actors have demonstrated ingenuity in bypassing these protections through social engineering tactics.

One notable example involves a China-linked actor who posed as a capture-the-flag competition participant to persuade Gemini into providing exploitation guidance. Once this technique proved successful, the actor began prefacing prompts about software exploitation with statements like, 'I am working on a CTF problem.' This approach enabled the actor to obtain advice on phishing, exploitation, and webshell development.

Similarly, an Iranian group known as MUDDYCOAST impersonated university students working on final projects or academic papers on cybersecurity to bypass safety guardrails and obtain assistance in developing custom malware. In doing so, they inadvertently exposed command-and-control (C2) infrastructure while requesting coding assistance from Gemini.

Advanced Tactics and Evolution

These threat actors have evolved their tactics, leveraging Gemini for tasks such as initial reconnaissance, phishing technique research, lateral movement assistance, C2 framework development, and data exfiltration. They demonstrate a particular interest in unfamiliar attack surfaces, including cloud infrastructure, vSphere, and Kubernetes.

Google noted that a suspected Chinese threat actor had access to compromised AWS tokens for EC2 instances and used Gemini to research how to exploit temporary session credentials. Meanwhile, Chinese group APT41 utilized Gemini for C++ and Golang code development within their C2 framework, OSSTUN.

Another Iranian group, APT42, employed Gemini's text generation and editing capabilities to craft phishing campaigns, often impersonating individuals from prominent think tanks and using lures related to security technology, event invitations, or geopolitical discussions.

North Korean Operations and Cryptocurrency Targeting

North Korean groups have also been active, researching cryptocurrency concepts, generating phishing lures in multiple languages, and attempting to develop credential-stealing code. One such group researched the location of users' cryptocurrency wallet application data and generated Spanish-language work-related excuses and requests to reschedule meetings.

They attempted to misuse Gemini to develop code for stealing cryptocurrency and to craft fraudulent instructions impersonating software updates in order to extract user credentials.

Additionally, North Korean group PUKCHONG used Gemini for research supporting custom malware development, including exploits and tooling improvements.

Malware Evolution and Experimental Threats

GTIG also uncovered experimental malware such as PROMPTFLUX, which queries Google's Gemini API during execution to generate malicious code on the fly, attempting to evade detection through continuous self-modification.

PROMPTSTEAL, attributed to a Russian government-backed group, APT28, queries the Qwen2.5-Coder-32B-Instruct model via Hugging Face's API to generate Windows commands for stealing system information and documents, dynamically requesting them during operation.

Google characterizes these threats as experimental, noting that incomplete features and API call limiters suggest ongoing development rather than widespread deployment. The company emphasizes that these tools currently lack the ability to compromise victim networks or devices.
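Because both samples depend on reaching a hosted model at run time, outbound connections to LLM API endpoints from processes that have no business making them are a usable detection signal. The sketch below is an added example, not code from Google's report: the log format, the sample rows and the process allowlist are constructed for illustration, and the two hostnames are the public API hosts for the services named above, which should be confirmed against your own telemetry.

```python
import csv
import io
from collections import defaultdict

# Public API hosts for the two services named above (verify in your environment).
LLM_API_HOSTS = {
    "generativelanguage.googleapis.com",  # Gemini API
    "api-inference.huggingface.co",       # Hugging Face inference API
}
# Hypothetical allowlist of binaries expected to call LLM APIs here.
# Image names can be spoofed; pair this with signer or hash checks in production.
APPROVED_PROCESSES = {"chrome.exe", "code.exe"}

# Constructed egress telemetry: timestamp, host, process image, destination host.
SAMPLE_LOG = r"""
2025-11-05T09:00:01Z,ws-014,C:\Program Files\Google\Chrome\Application\chrome.exe,generativelanguage.googleapis.com
2025-11-05T09:02:10Z,ws-022,C:\Windows\System32\wscript.exe,generativelanguage.googleapis.com
2025-11-05T09:02:40Z,ws-022,C:\Windows\System32\wscript.exe,generativelanguage.googleapis.com
2025-11-05T09:05:00Z,ws-031,C:\Users\a\AppData\Local\Temp\upd.exe,api-inference.huggingface.co
2025-11-05T09:06:00Z,ws-031,C:\Windows\System32\svchost.exe,updates.example.com
malformed line
"""

def is_llm_host(dest):
    """Exact or subdomain match, so look-alike prefixes do not match."""
    dest = dest.lower().rstrip(".")
    return any(dest == h or dest.endswith("." + h) for h in LLM_API_HOSTS)

def find_unapproved_llm_callers(log_text, approved=APPROVED_PROCESSES):
    """Return {(host, process): [(timestamp, dest), ...]} for unapproved callers."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:  # skip blank or malformed rows
            continue
        ts, host, image, dest = (field.strip() for field in row)
        name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if is_llm_host(dest) and name not in approved:
            hits[(host, name)].append((ts, dest))
    return dict(hits)

if __name__ == "__main__":
    for (host, name), events in find_unapproved_llm_callers(SAMPLE_LOG).items():
        print(f"{host} {name}: {len(events)} LLM API connection(s), first at {events[0][0]}")
```

Repeated hits from a script host or a binary in a temp directory are the rows worth triaging first; developer tools that legitimately call these APIs belong on the allowlist.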

Mitigation and Future Challenges

Google's mitigation strategies involve disabling accounts after detection rather than real-time blocking, creating a window where actors can extract value before disruption. As AI continues to evolve, so too will the tactics of threat actors, underscoring the need for ongoing vigilance and innovation in cybersecurity defenses.

Article information

Author: Chrissy Homenick
