Signal

Google: nation-state hackers are using gemini for recon and attack support

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-02-12 13:59 UTCUpdated 2026-02-12 17:57 UTC

rss

threat_actorsgenai_abusereconnaissancemalware_developmentpost_compromisegoogle

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

thehackernews · News · thehackernews.com · 2026-02-12 17:57 UTC

Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says

The Record (Recorded Future News) · News · therecord.media · 2026-02-12 13:59 UTC

limited source diversity in top sources

View all evidence

Overview

Two reports cite Google’s observations that multiple nation-state and state-linked threat actors are incorporating the Gemini generative AI model into different phases of cyber operations—especially target reconnaissance and practical development tasks—highlighting how mainstream GenAI tools are being adapted into attacker workflows.

Entities

GoogleGemini

Score total

1.02

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Google’s observations are being reported across multiple outlets
The reports highlight GenAI as an emerging element of current tradecraft

Why it matters

AI-assisted recon and scripting can speed up attacker workflows
Use of AI for vulnerability research may compress time-to-exploitation
Post-compromise enablement increases potential operational impact

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

Google says it observed state-backed and nation-state-linked hacking groups using Gemini to support malicious campaigns, including target reconnaissance.
Google says APT groups used Gemini for coding and scripting tasks, researching publicly known vulnerabilities, and enabling post-compromise activities.
Google says it observed North Korea-linked UNC2970 using Gemini for reconnaissance on targets.

How sources frame it

The Hacker News: neutral
The Record (Recorded Future News): neutral

All evidence

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

thehackernews · thehackernews.com · 2026-02-12 17:57 UTC

Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says

The Record (Recorded Future News) · therecord.media · 2026-02-12 13:59 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

thehackernews (1)
The Record (Recorded Future News) (1)

Top origin domains (this list)

thehackernews.com (1)
therecord.media (1)