North Korea-Linked UNC2970 Uses Gemini For Reconnaissance
Google said on Thursday, Feb. 12, 2026, it observed the North Korea-linked threat actor UNC2970 using its generative AI model Gemini to conduct reconnaissance on targets. The company warned hackers and other groups are weaponizing Gemini to accelerate attack lifecycle phases, enable information operations, and perform model-extraction attacks. The activity underscores growing misuse of LLMs in cyber operations.
Key Points
- 1Observed UNC2970 employing Gemini for reconnaissance, using generative AI to profile targets and gather intelligence
- 2Demonstrates threat actors accelerating attack phases, enabling faster reconnaissance, phishing, and social-engineering campaigns
- 3Impacts defenders by raising urgency for model-access controls, monitoring, threat intelligence, and endpoint hardening
Scoring Rationale
Official Google disclosure elevates urgency for defenders and industry, but concise reporting limits specific mitigation steps and technical detail.
Sources
Public references used for this report.
Practice with real Ad Tech data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Ad Tech problems
