North Korea-Linked UNC2970 Uses Gemini For Reconnaissance

Google said on Thursday, Feb. 12, 2026, it observed the North Korea-linked threat actor UNC2970 using its generative AI model Gemini to conduct reconnaissance on targets. The company warned hackers and other groups are weaponizing Gemini to accelerate attack lifecycle phases, enable information operations, and perform model-extraction attacks. The activity underscores growing misuse of LLMs in cyber operations.