Hackers Are Using Google’s Gemini AI for Reconnaissance and Attack Planning

Welcome to the glorious age of AI-assisted chaos, where state-backed hackers no longer need to spend sleepless nights combing through data - they’ve got Gemini doing their dirty work. According to a report by Bleeping Computer (source), Google’s Threat Intelligence Group (GTIG) has caught multiple advanced persistent threat (APT) groups using Gemini. And no, they’re not asking it how to become better people - they’re making their cyberattacks smoother, smarter, and way more efficient. Bravo, humanity.
Gemini: The Hackers’ AI Intern
Why waste time in shady forums when you can just get a chatbot to do the research for you? While most people use AI to generate emails or questionable haikus, hackers from Iran, China, North Korea, and Russia have discovered that Gemini is an excellent tool for:
- Writing scripts and building attack tools
- Digging up publicly known vulnerabilities (because of course Google tracks those)
- Translating and explaining complex technical concepts
- Gathering intelligence on target organizations
- Finding ways to bypass security measures, elevate privileges, and explore compromised networks
In short: AI isn’t launching the cyberattacks yet, but it’s making sure hackers don’t have to work too hard.
APT Groups and Their AI Shopping Lists
Iranian Hackers: The Overachievers
Iranian cyber groups are all-in on Gemini, using it for reconnaissance, phishing campaigns, and influence operations. Turns out, even hackers love a productivity boost.
Chinese APTs: Playing the Long Game
China’s state-backed hackers are setting their sights on U.S. military and government institutions, using Gemini to research vulnerabilities, automate lateral movement, and optimize post-exploitation tactics. Efficient and focused - just like an AI-assisted cybercrime department should be.
North Korea: Malware Development & IT Espionage
North Korea isn’t just using Gemini to level up its hacking - they’re leveraging it for their covert IT workforce, focusing on reconnaissance, malware development, and making their cyberattacks even harder to detect.
Russia: Low Effort, High Caution
Russian hackers? Barely using Gemini. Whether it’s because they trust their homegrown AI models more or just don’t want to leave a trail on Western platforms, they’ve only been spotted using it for basic scripting, translation, and payload generation. Maybe they don’t trust Google. Smart move.
Jailbreaking AI: The Next Cybercrime Frontier
Naturally, hackers have been trying to trick Gemini into breaking its own security restrictions. So far, Google’s safeguards are holding up - but let’s be honest, it’s only a matter of time before someone figures out the right prompt to turn it into their personal hacking assistant.
A similar thing happened with OpenAI’s ChatGPT in October 2024, when security researchers showed how certain generative AI models - like DeepSeek R1 and Alibaba’s Qwen 2.5 - were laughably easy to manipulate. The AI arms race isn’t about intelligence anymore; it’s about who patches their vulnerabilities first.
Skippy’s Take Out: The AI Cyberwar Has Begun
Gemini isn’t out here writing malware, but it sure is making hacking a breeze. And while Google scrambles to patch vulnerabilities and tighten security, one thing is clear: AI is already a tool in the cyberwarfare arsenal. If you’re still thinking AI is just about generating cat pictures, think again.
This is just the beginning. Buckle up.