APT41 and 20+ PRC-affiliated clusters used Gemini for post-compromise scripting and EDR reverse engineering
What they were trying to do
- 01
Gain deeper post-compromise access to target networks via lateral movement and privilege escalation
- 02
Reverse-engineer endpoint detection tools to support detection evasion
- 03
Research Active Directory and Windows techniques for persistence and credential access
- 04
Conduct reconnaissance on US military and government IT targets across multiple countries
How they did it
More than twenty PRC-affiliated clusters used Gemini across the full post-compromise lifecycle: reconnaissance on US military and government targets, Active Directory command generation, Windows Event Log remote access code, Outlook VSTO plugin signing, impacket troubleshooting, Carbon Black EDR reverse engineering, and Python bytecode conversion. APT41 specifically attempted — unsuccessfully — to extract Gemini's internal IP and system configuration.
Example queries
Verbatim excerpts from the disclosure — only what the vendor actually published.
How to sign a plugin for Microsoft Outlook and silently deploy it to all computers
Generate code to remotely access Windows Event Log
Command to identify the IP addresses of administrators on the domain controller
Help troubleshooting impacket
Reverse engineering the endpoint detection and response (EDR) tool Carbon Black
Convert disassembled Python bytecode into Python code
Assistance with Active Directory management commands
Possible solutions to TLS 1.3 visibility challenges
What they achieved
Concrete outputs obtained before platform disruption.
- before disruption
Active Directory management commands and Windows Event Log remote access code obtained
- before disruption
Troubleshooting advice for impacket and network protocol tooling
- before disruption
Understanding of TLS 1.3 visibility challenges
Google terminated the associated accounts. APT41's attempt to reverse-engineer Carbon Black EDR was 'attempted unsuccessfully.' Gemini declined to disclose its internal system details when asked, providing only publicly available information while indicating the requested data is kept secret.
Full summary
GTIG tracked APT41 and more than twenty additional PRC-affiliated groups misusing Gemini. Documented uses include: reconnaissance on US military installations and government IT organisations; scripting and development for network access tools; research into signing and deploying malicious Outlook VSTO add-ins; Active Directory enumeration commands; remote-access via Windows Event Log manipulation; post-compromise lateral movement and privilege-escalation research; reverse engineering of endpoint detection tools including Carbon Black EDR; and troubleshooting impacket and other offensive tooling. Google terminated the associated accounts.
AI platforms involved
Related incidents (same country or vendor label)
- CN · China
GTG-1002: first publicly disclosed AI-orchestrated cyber espionage campaign (PRC state-sponsored)
2025-11-13Anthropic - CN · China
SweetSpecter spear-phished OpenAI employees while using ChatGPT for recon
2024-10-09OpenAI - CN · China
Spamouflage Chinese influence operation used LLMs to draft posts
2024-05-30OpenAI - CN · China
Charcoal Typhoon used LLMs for tooling and social-engineering research
2024-02-14Microsoft + OpenAI - CN · China
Salmon Typhoon used LLMs for translation and intel-agency research
2024-02-14Microsoft + OpenAI
Source note: Every entry in this catalog is derived from a primary public disclosure by the named platform vendor. This entry cites Google (GTIG) as the primary source. No private, speculative, or non-public claims are presented here.