Today’s Topics:
- Google Reports State-Sponsored Hackers Abusing Gemini AI for Cyber Operations
- Texas Bans DeepSeek and RedNote from Government Devices Over Security Concerns
- How can Netizen help?
Google Reports State-Sponsored Hackers Abusing Gemini AI for Cyber Operations

Google has revealed that state-backed hacking groups are increasingly experimenting with its AI-powered Gemini assistant to enhance their cyber capabilities. According to Google’s Threat Intelligence Group (GTIG), these advanced persistent threat (APT) actors primarily use Gemini for productivity purposes, rather than for creating or executing AI-driven cyberattacks.
While AI tools have yet to revolutionize cyberattacks, threat actors are leveraging them to speed up various stages of their operations, including reconnaissance, research, and scripting. Google has identified activity linked to APT groups from over 20 countries, with particularly high usage from actors associated with Iran and China.
Google’s report outlines how state-sponsored hacking groups, including those from Iran, China, North Korea, and Russia, have been experimenting with Gemini to improve their operational efficiency. Their activities include:
- Iranian APTs: The most active users of Gemini, Iranian hackers have used it for reconnaissance on defense organizations and experts, researching publicly known vulnerabilities, crafting phishing campaigns, and generating content for influence operations. They have also sought translations and technical explanations related to cybersecurity and military technologies, such as unmanned aerial vehicles (UAVs) and missile defense systems.
- Chinese APTs: These groups have focused on reconnaissance targeting U.S. military and government organizations, researching vulnerabilities, scripting for lateral movement and privilege escalation, and evasion techniques for post-compromise persistence. Additionally, they have attempted to access Microsoft Exchange using password hashes and reverse-engineer security tools like Carbon Black EDR.
- North Korean APTs: Their use of Gemini has supported multiple attack phases, including identifying free hosting providers for infrastructure, conducting reconnaissance on target organizations, and developing malware with enhanced evasion techniques. North Korean hackers have also exploited Gemini to draft job applications and cover letters as part of efforts to infiltrate Western companies under false identities.
- Russian APTs: Russian hackers have had limited engagement with Gemini, mainly using it for scripting assistance, translation, and malware development. Activities included rewriting malware in different programming languages, adding encryption to malicious code, and analyzing existing public malware. Their minimal use may indicate a preference for domestic AI models or an operational security decision to avoid Western AI platforms.
Google notes that some APT actors attempted to circumvent Gemini’s security restrictions by using public jailbreak techniques or rewording their prompts. However, these attempts were reportedly unsuccessful.
The misuse of generative AI by cybercriminals is not limited to Gemini. OpenAI previously disclosed similar activity involving ChatGPT in October 2024, indicating a broader trend of AI exploitation by threat actors.
While major AI providers implement security measures to prevent abuse, the growing number of AI models with weak protections is a concern. Cybersecurity firm KELA recently highlighted security flaws in DeepSeek R1 and Alibaba’s Qwen 2.5, showing they are vulnerable to prompt injection attacks. Additionally, Unit 42 researchers demonstrated how easily DeepSeek R1 and V3 could be jailbroken for malicious use.
As AI tools become more sophisticated, their misuse by threat actors is likely to expand. While Gemini and ChatGPT have security safeguards in place, the emergence of AI platforms with weak or nonexistent restrictions creates new challenges for cybersecurity defenders. Organizations must remain vigilant, implementing strict AI usage policies and monitoring for potential abuse by threat actors seeking to exploit these technologies for malicious purposes.
Texas Bans DeepSeek and RedNote from Government Devices Over Security Concerns

Texas Governor Greg Abbott has ordered a ban on Chinese AI platform DeepSeek and social media apps RedNote (Xiaohongshu) and Lemon8 from all state-issued devices, citing concerns over data security and potential foreign influence. Texas is the first state to impose such a restriction on DeepSeek, which has recently surged in popularity among U.S. users.
In a statement, Abbott emphasized the state’s commitment to protecting critical infrastructure from foreign threats. “Texas will not allow the Chinese Communist Party to infiltrate our state’s critical infrastructure through data-harvesting AI and social media apps,” he said. “Texas will continue to protect and defend our state from hostile foreign actors.”
The governor’s office declined to provide further details on the decision.
DeepSeek, a rapidly growing AI startup, has gained attention for its ability to rival OpenAI’s models. Meanwhile, RedNote (Xiaohongshu) and Lemon8, both owned by Chinese companies, have seen increased adoption in the U.S., particularly after the brief ban on TikTok. Xiaohongshu, widely used in China and neighboring countries, has around 300 million active users and was adopted by many Americans as a TikTok alternative and protest tool against restrictions on the popular video-sharing app.
Lemon8, owned by ByteDance—the same company behind TikTok—also gained traction leading up to TikTok’s temporary ban on January 19.
Texas’ move follows broader efforts at both the state and federal levels to restrict access to Chinese-owned platforms on government devices. TikTok has already been banned on government-issued devices in Texas and multiple other states, and its future remains uncertain as ByteDance navigates ongoing U.S. regulatory scrutiny.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
