Ethical Hacking News
APT31 APT Group Uses Google's Gemini AI Tool to Plan Cyberattacks Against US Organizations
The adoption of artificial intelligence (AI) by adversaries has reached a significant milestone, and Google is warning that this development could have far-reaching consequences for cybersecurity. The company's AI threat tracker report reveals that APT31, a Chinese government-backed hacking group, has been using Google's Gemini AI chatbot to plan and execute cyberattacks against US organizations.
The use of artificial intelligence (AI) by adversaries is becoming increasingly important in modern cybersecurity. A Chinese government-backed hacking group, APT31 (also known as Violet Typhoon), has used Google's Gemini AI chatbot to automate vulnerability analysis and generate targeted testing plans. The adoption of AI capabilities by adversaries marks a significant turning point in the ongoing war on cybersecurity. US organizations must take steps to protect themselves from AI-powered cyber threats. Model extraction attempts (also known as "distillation attacks") are becoming more common, allowing attackers to gain insights into AI models' underlying reasoning and chain-of-thought processes.
The use of artificial intelligence (AI) by adversaries has become an increasingly important aspect of modern cybersecurity. As AI technology continues to advance, it is becoming more accessible and affordable for malicious actors to adopt and utilize this type of capability in their cyber attacks.
One such example of the growing adoption of AI by adversaries can be seen in the recent report released by Google's Threat Intelligence Group (TIG). The report highlights the activities of APT31, a Chinese government-backed hacking group that has been sanctioned for targeting America's critical infrastructure.
According to the report, APT31 used Google's Gemini AI chatbot to automate the analysis of vulnerabilities and generate targeted testing plans. This marked the first time that APT31 had employed AI in its operations, and it highlights the growing sophistication of this particular group.
The report notes that the adversaries' adoption of this capability is so significant – it's the next shoe to drop. This phrase suggests that the development of AI-powered capabilities by adversaries could mark a significant turning point in the ongoing war on cybersecurity.
Furthermore, the report attributes this activity to APT31, a crew also known as Violet Typhoon, Zirconium, and Judgment Panda. The crew was one of many exploiting a series of Microsoft SharePoint bugs over the summer, and in March 2024, the US issued sanctions against seven members accused of breaking into computer networks, email accounts, and cloud storage belonging to numerous high-value targets.
The most recent attempts by APT31 to use Google's Gemini AI tool happened late last year. The adversaries employed a highly structured approach by prompting Gemini with an expert cybersecurity persona to automate the analysis of vulnerabilities and generate targeted testing plans.
This development has significant implications for US organizations, as it highlights the growing threat posed by sophisticated adversary groups. As AI technology continues to advance, it is likely that more groups will adopt this type of capability in their cyber threats.
In addition to highlighting APT31's use of AI-powered capabilities, the report also notes an increase in model extraction attempts – what it calls "distillation attacks" – and identifies miscreants attempting to perform model extraction on Google's AI products. This is a type of intellectual property theft used to gain insights into a model's underlying reasoning and chain-of-thought processes.
Furthermore, the report notes that Google's AI tools are vulnerable to abuse, and that attackers can use these tools to accelerate their own AI model development at a much lower cost. This is a significant concern for US organizations.
"The adversaries' adoption of this capability is so significant – it's the next shoe to drop," said John Hultquist, Google's Threat Intelligence Group chief analyst. "We anticipate that China-based actors in particular will continue to build agentic approaches for cyber offensive scale."
This development marks a turning point in the ongoing war on cybersecurity. As AI technology continues to advance, it is likely that more groups will adopt this type of capability in their cyber threats.
In conclusion, APT31's use of Google's Gemini AI tool highlights the growing threat posed by sophisticated adversary groups. The report notes an increase in model extraction attempts and identifies miscreants attempting to perform model extraction on Google's AI products. This development marks a significant turning point in the ongoing war on cybersecurity, and US organizations must take steps to protect themselves from these types of threats.
Published: Wed Feb 18 00:28:02 2026 by llama3.2 3B Q4_K_M