A Wake-Up Call from the Shadows
Picture a shadowy operative in Pyongyang, hunched over a keyboard, querying an AI for the perfect lure: salary details for aerospace engineers at a top U.S. defense firm. This isn't fiction—it's the reality Google's Threat Intelligence Group uncovered in their latest report. Released on February 12, 2026, the document exposes how North Korea-linked hackers hijacked the company's Gemini AI for espionage, blending open-source intel into targeted attacks on cybersecurity and defense companies. What started as subtle probes in late 2025 escalated into a full-blown operation, with groups from Iran and China joining the fray.
The hackers didn't just dabble; they integrated Gemini deeply into their workflows. North Korea's UNC2970, an alias for the notorious Lazarus Group, used it to profile high-value targets, mapping job roles and pay scales in sensitive sectors like energy and aerospace. This fed into Operation Dream Job, a long-running scam dangling fake job offers to steal secrets. Google's team spotted these moves in the fourth quarter of 2025, but the damage was already underway—AI supercharging reconnaissance that once took weeks into hours.
Meanwhile, Iran's APT42 leveraged Gemini for crafting convincing personas and social engineering ploys, translating languages and building rapport to hook victims. China's TEMP.Hex compiled dossiers on individuals and separatist groups, turning raw data into actionable intelligence. Even financially motivated crews got in on the act, blurring the lines between state espionage and cybercrime. It's a stark reminder: AI isn't picky about its users.
Tools of the Trade: How Gemini Became a Weapon
Dig deeper, and the tactics get ingenious—and alarming. One standout tool, HONESTCUE malware, tapped Gemini's API to whip up C# code for fileless attacks, compiling it in memory to dodge antivirus scans while pulling payloads from Discord. Security Affairs called this a proof-of-concept from a fringe group, but its real-world deployment shows how quickly experiments turn operational.
Then there's COINBAIT, a phishing beast mimicking crypto exchanges with AI-generated lures. Tied to UNC5356, it hid behind Cloudflare-protected React sites to harvest credentials. As The Hacker News reported, it's part of a growing arsenal of AI-aided phishing kits that make scams look polished and legitimate. These aren't isolated gadgets; they're woven into full attack chains, from initial recon to execution.
Model extraction attacks added another layer of menace. Hackers bombarded Gemini with over 100,000 prompts, probing its reasoning in non-English languages to siphon capabilities. Google claims they disrupted these without core model breaches, as detailed in their blog. But the sheer volume hints at a surge in attempts to steal or mimic AI smarts.
Threat actors got crafty with prompts too, framing them as "security research" or capture-the-flag games to slip past safeguards. This isn't just clever—it's accelerating everything from phishing to malware development, giving attackers a serious edge in speed and scale.
The Bigger Picture: From Experiment to Espionage Engine
This isn't new territory for North Korea's crews. UNC2970's moves echo Operation Dream Job's history of recruiting scams aimed at Western tech and defense firms, with ties to groups like Diamond Sleet and Hidden Cobra. But AI amps it up, turning routine espionage into something far more efficient. Google's blog notes a spike in stolen API keys on black markets, fueling underground jailbreaks that unlock even more abuse.
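To make the defender's side of the extraction-attempt volume described earlier and the stolen-key trade mentioned here concrete, the following is an added illustration (not code from Google's report or any product): a heuristic over API audit logs that flags a key when it issues a burst of prompts across several languages, or is used from many client addresses. The log format, the thresholds, and the sample events are all constructed assumptions for the example.

```python
"""Heuristic triage of AI-API audit logs for extraction-like bursts and shared keys (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Event:
    key_id: str
    ts: datetime
    client_ip: str
    lang: str

def parse_line(line: str) -> Event:
    # Assumed log format: "<UTC timestamp> key=<id> ip=<addr> lang=<code>"
    ts_text, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return Event(kv["key"], datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ"), kv["ip"], kv["lang"])

def max_window_count(times, window: timedelta) -> int:
    # Largest number of events falling inside any single sliding window (two-pointer sweep)
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def find_suspicious_keys(lines, window=timedelta(hours=1), volume_threshold=500,
                         lang_threshold=3, ip_threshold=3):
    # Thresholds are illustrative assumptions; tune them against a real baseline
    by_key = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        by_key[ev.key_id].append(ev)
    findings = {}
    for key, evs in by_key.items():
        reasons = []
        burst = max_window_count([e.ts for e in evs], window)
        langs = {e.lang for e in evs}
        ips = {e.client_ip for e in evs}
        if burst >= volume_threshold and len(langs) >= lang_threshold:
            reasons.append(f"extraction-like: {burst} prompts in {window} across {len(langs)} languages")
        if len(ips) >= ip_threshold:
            reasons.append(f"possible shared or stolen key: {len(ips)} distinct client IPs")
        if reasons:
            findings[key] = reasons
    return findings

def build_sample_log():
    # Constructed events: one bursty multilingual key, one normal key, one key used from many IPs
    base, fmt, lines = datetime(2026, 2, 10, 9, 0), "%Y-%m-%dT%H:%M:%SZ", []
    for i in range(600):  # 600 prompts in 50 minutes, cycling four languages
        lines.append(f"{(base + timedelta(seconds=5 * i)).strftime(fmt)} key=key-bulk ip=203.0.113.10 lang={['ko', 'zh', 'fa', 'ru'][i % 4]}")
    for i in range(20):   # ordinary use: 20 prompts an hour, one language, one address
        lines.append(f"{(base + timedelta(minutes=3 * i)).strftime(fmt)} key=key-normal ip=198.51.100.7 lang=en")
    for i in range(30):   # same key presented from five different addresses
        lines.append(f"{(base + timedelta(minutes=2 * i)).strftime(fmt)} key=key-shared ip=192.0.2.{i % 5} lang=en")
    return lines
```

Running `find_suspicious_keys(build_sample_log())` returns findings for `key-bulk` and `key-shared` only; the volume and language signals are deliberately combined, since high volume alone also describes legitimate batch users.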
State actors from Iran, China, Russia, and beyond are all pivoting to AI-augmented ops. Infosecurity Magazine and Artificial Intelligence News confirm similar patterns, including Russian hackers dipping into Gemini for malicious campaigns. The lines between legit research and malice are fading—prompts disguised as harmless exercises evade detection, boosting attacker productivity in ways that tilt the cyber battlefield.
No major discrepancies pop up across reports from The Hacker News, Security Affairs, and The Record. They all point to a global trend: an AI arms race where tools like Gemini hand adversaries unprecedented leverage in info ops and reconnaissance.
Google's findings align with broader warnings about model theft and API exploitation. It's not just about one company's slip-up; it's a systemic shift where AI blurs ethical boundaries, making every query a potential reconnaissance tool.
Defending the Digital Front: Google's Response and Gaps
Faced with this onslaught, Google isn't standing idle. Through its AI Cyber Defense Initiative from 2024, it has rolled out tools like the Secure AI Framework for safer deployments, Big Sleep for spotting threats, and CodeMender for patching vulnerabilities. Disruptions have been key, blocking those 100,000 extraction prompts and disabling rogue assets. The company's Threat Intelligence Group emphasizes these as proactive wins, with no breaches to frontier models.
Yet, the report, timed just before the Munich Security Conference, underscores urgent needs for better governance. Policymakers are pushing to curb API abuses and jailbreak services, while Google advocates for collaborative defenses to protect the defense industrial base. Still, attackers are scaling up, erasing phishing tells like bad grammar and supercharging social engineering.
The defender's dilemma? It's flipping. AI empowers bad actors to outpace protections, turning reconnaissance into a breeze.
The Verdict: Time to Lock Down AI Before It's Too Late
Google's revelations aren't just a report—they're an indictment of open AI's vulnerabilities. Disabling threats after 100,000 prompts? That's reactive firefighting, not robust defense. We need mandatory attribution for high-risk queries and real-time monitoring to stop this at the source. North Korea's UNC2970 proves it: AI is fueling espionage at a terrifying pace, and without swift changes, we're handing adversaries the keys to the kingdom. Google, step up—prioritize prevention, or watch the cyber arms race spiral out of control. The future of secure AI hangs in the balance; let's not let negligence define it.