North Korea-linked hackers are leveraging Google’s generative AI model, Gemini, to streamline cyber espionage operations. This development signifies a new frontier in the weaponization of artificial intelligence by state-sponsored threat actors, allowing for accelerated reconnaissance and campaign planning. The trend highlights the growing sophistication of cyber attacks as malicious groups increasingly integrate AI tools into their arsenal.
North Korea’s UNC2970 Exploits Gemini for Advanced Reconnaissance
Google Threat Intelligence Group (GTIG) has observed the North Korea-affiliated hacking group, identified as UNC2970, utilizing Google’s Gemini AI to conduct sophisticated reconnaissance on potential targets. The group employed the generative AI model to synthesize open-source intelligence (OSINT) and create detailed profiles of high-value targets. This proactive use of AI enables them to more effectively plan and execute cyber attack campaigns.
According to GTIG’s report, UNC2970’s target profiling involved actively searching for information on prominent cybersecurity and defense companies. They also focused on mapping specific technical job roles and associated salary details. This meticulous information gathering allows the hacking group to craft more convincing phishing personas and identify individuals with access to sensitive systems, often referred to as “soft targets” for initial compromise.
The blurred line between legitimate professional research and malicious reconnaissance is a key concern highlighted by GTIG. By leveraging Gemini, UNC2970 can efficiently gather comprehensive data that supports their espionage efforts. This allows them to tailor their attacks with a higher degree of precision, increasing the likelihood of success.
UNC2970 is known to have significant overlap with other tracked threat clusters, including Lazarus Group, Diamond Sleet, and Hidden Cobra, all associated with North Korea. This group is particularly recognized for its long-running operation, codenamed “Operation Dream Job.” Through this operation, they have targeted sectors such as aerospace, defense, and energy by impersonating legitimate recruiters and offering fraudulent job opportunities to lure victims.
GTIG noted that UNC2970 consistently maintains a focus on defense sector targeting and the impersonation of corporate recruiters. Their profiling activities, powered by AI, include detailed inquiries into major cybersecurity and defense firms, specifying technical job functions and compensation benchmarks. This persistent strategy underscores their dedication to penetrating critical industries.
Broader Trend: AI Integration by Diverse Hacking Groups
UNC2970 is not an isolated case. A growing number of hacking groups are integrating generative AI tools like Gemini into their operational workflows to accelerate various stages of the cyber attack lifecycle. This includes enhancing information operations, developing sophisticated phishing kits, and even executing model extraction attacks.
Other notable threat actors observed using AI to bolster their capabilities include:
UNC6418 (Unattributed) has used AI for targeted intelligence gathering, specifically seeking sensitive account credentials and email addresses. Temp.HEX, also known as Mustang Panda (China), has compiled dossiers on specific individuals, including targets in Pakistan, and gathered operational data on separatist organizations. APT31, or Judgement Panda (China), has automated vulnerability analysis and developed targeted testing plans by posing as security researchers.
APT41 (China) has leveraged AI to extract explanations from open-source tool documentation and to debug exploit code. UNC795 (China) has employed AI for code troubleshooting, research, and the development of web shells and scanners for PHP servers. APT42 (Iran) has used AI to facilitate reconnaissance and social engineering by creating engaging personas, developing a Google Maps scraper, and researching proof-of-concept exploits for vulnerabilities like CVE-2025-8088 in WinRAR.
Beyond direct reconnaissance, Google has also identified novel malware and phishing kits that leverage AI. The malware known as HONESTCUE utilizes Gemini’s API to generate code for its next-stage functionality. Separately, an AI-generated phishing kit named COINBAIT, constructed using Lovable AI, impersonates a cryptocurrency exchange with the goal of harvesting credentials. Aspects of COINBAIT activity have been linked to the financially motivated threat cluster UNC5356.
“HONESTCUE is a downloader and launcher framework that sends a prompt via Google Gemini’s API and receives C# source code as the response,” Google’s report stated. “However, rather than leveraging an LLM to update itself, HONESTCUE calls the Gemini API to generate code that operates the ‘stage two’ functionality, which downloads and executes another piece of malware.”
The fileless secondary stage of HONESTCUE compiles and executes the C# source code received from Gemini’s API directly in memory using the legitimate .NET CSharpCodeProvider framework. This method leaves no on-disk artifacts, making detection more challenging.
Additionally, Google has drawn attention to recent ClickFix campaigns that exploit the public sharing features of generative AI services. These campaigns host realistic instructions for fixing common computer issues, ultimately serving as a delivery mechanism for information-stealing malware. This activity was initially flagged in December 2025 by Huntress.
The company also detailed its successful disruption of model extraction attacks. These attacks aim to systematically query proprietary machine learning models to extract sensitive information and build replica models that mimic the original’s behavior. In one large-scale incident, Gemini itself was subjected to over 100,000 prompts designed to replicate its reasoning capabilities across various tasks and languages.
A recent proof-of-concept extraction attack by Praetorian demonstrated that a replica model achieved an 80.1% accuracy rate by sending just 1,000 queries to the victim’s API, recording the outputs, and training a new model. Security researcher Farida Shafik emphasized that “Many organizations assume that keeping model weights private is sufficient protection. But this creates a false sense of security. In reality, behavior is the model.”
Future Implications and Ongoing Challenges
The increasing use of generative AI by threat actors presents a significant challenge for cybersecurity defenses. The ability of these tools to rapidly synthesize information, generate sophisticated social engineering lures, and even produce functional code means that attack lifecycles could be dramatically shortened. Organizations must adapt their threat detection and response strategies to account for AI-augmented attacks.
The continuous evolution of these tactics suggests that AI will become an even more integral part of both offensive and defensive cybersecurity operations. Future developments will likely see more sophisticated AI-driven malware, advanced phishing campaigns, and novel methods of exploiting AI models themselves for malicious purposes. The race between AI-powered offense and defense is intensifying, requiring ongoing vigilance and innovation from the cybersecurity community.