Google has reported that the North Korea-linked threat actor UNC2970 is using its generative AI model Gemini for reconnaissance, highlighting a growing trend of hacking groups weaponizing AI to accelerate cyber attack operations. These capabilities include information gathering, model extraction, and enhancing attack efficiency.
According to the Google Threat Intelligence Group (GTIG), UNC2970 leveraged Gemini to synthesize open-source intelligence (OSINT) and profile high-value targets to aid in campaign planning and reconnaissance. Their focus included researching major cybersecurity and defense firms, technical job roles, and salary data to craft targeted phishing strategies.
GTIG described the activity as blurring the line between legitimate professional research and malicious reconnaissance, enabling state-backed actors to create tailored personas and identify weak targets for initial compromise.
UNC2970, often linked to Lazarus Group, Diamond Sleet, and Hidden Cobra, is known for Operation Dream Job, a long-term campaign targeting aerospace, defense, and energy sectors through fake recruitment offers. The group consistently impersonates corporate recruiters to gather sensitive information, emphasizing defense and cybersecurity sectors.
Other threat actors have also integrated Gemini into their operations, including:
- UNC6418: For targeted intelligence gathering, seeking sensitive account credentials and emails.
- Temp.HEX / Mustang Panda (China): Compiling dossiers on individuals and operational data on separatist organizations, including targets in Pakistan.
- APT31 / Judgement Panda (China): Automating vulnerability analysis and targeted testing plans under the guise of security researchers.
- APT41 (China): Extracting information from open-source tool documentation and debugging exploit code.
- UNC795 (China): Researching, troubleshooting, and developing web shells and PHP scanners.
- APT42 (Iran): Facilitating reconnaissance, social engineering, Google Maps scraping, SIM card system development, and PoC research on WinRAR vulnerabilities (CVE-2025-8088).
Google also highlighted malware leveraging Gemini, including HONESTCUE, which uses Gemini’s API to generate C# code for second-stage payload execution directly in memory, leaving no disk artifacts. Another AI-powered tool, COINBAIT, masquerades as a cryptocurrency exchange to steal credentials and is linked to the financially motivated threat cluster UNC5356.
GTIG additionally warned about campaigns like ClickFix, which use public generative AI sharing features to host realistic guides that deliver information-stealing malware. Model extraction attacks were also reported, where over 100,000 queries were used to reconstruct Gemini’s reasoning in non-English languages. In one proof-of-concept, a replica model reached 80.1% accuracy after training on 1,000 queries for 20 epochs.
Security researcher Farida Shafik emphasized that keeping model weights private is insufficient protection, as every query-response pair exposes the model’s behavior, allowing attackers to replicate it.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
