threatintel
actor tracker
AI misuse catalog

APT41 and 20+ PRC-affiliated clusters used Gemini for post-compromise scripting and EDR reverse engineering

2025-01-29Google (GTIG)Gemini
CN · China
ChinaVendor label:APT41 + PRC cluster
Target reconnaissanceCode assistanceScripting / automationVulnerability research
Primary disclosure (Google (GTIG))

What they were trying to do

  1. 01

    Gain deeper post-compromise access to target networks via lateral movement and privilege escalation

  2. 02

    Reverse-engineer endpoint detection tools to support detection evasion

  3. 03

    Research Active Directory and Windows techniques for persistence and credential access

  4. 04

    Conduct reconnaissance on US military and government IT targets across multiple countries

How they did it

More than twenty PRC-affiliated clusters used Gemini across the full post-compromise lifecycle: reconnaissance on US military and government targets, Active Directory command generation, Windows Event Log remote access code, Outlook VSTO plugin signing, impacket troubleshooting, Carbon Black EDR reverse engineering, and Python bytecode conversion. APT41 specifically attempted — unsuccessfully — to extract Gemini's internal IP and system configuration.

Example queries

Verbatim excerpts from the disclosure — only what the vendor actually published.

How to sign a plugin for Microsoft Outlook and silently deploy it to all computers

— from disclosure (Google (GTIG))

Generate code to remotely access Windows Event Log

— from disclosure (Google (GTIG))

Command to identify the IP addresses of administrators on the domain controller

— from disclosure (Google (GTIG))

Help troubleshooting impacket

— from disclosure (Google (GTIG))

Reverse engineering the endpoint detection and response (EDR) tool Carbon Black

— from disclosure (Google (GTIG))

Convert disassembled Python bytecode into Python code

— from disclosure (Google (GTIG))

Assistance with Active Directory management commands

— from disclosure (Google (GTIG))

Possible solutions to TLS 1.3 visibility challenges

— from disclosure (Google (GTIG))

What they achieved

Concrete outputs obtained before platform disruption.

  • before disruption

    Active Directory management commands and Windows Event Log remote access code obtained

  • before disruption

    Troubleshooting advice for impacket and network protocol tooling

  • before disruption

    Understanding of TLS 1.3 visibility challenges

Vendor responseGoogle (GTIG)

Google terminated the associated accounts. APT41's attempt to reverse-engineer Carbon Black EDR was 'attempted unsuccessfully.' Gemini declined to disclose its internal system details when asked, providing only publicly available information while indicating the requested data is kept secret.

Full summary

GTIG tracked APT41 and more than twenty additional PRC-affiliated groups misusing Gemini. Documented uses include: reconnaissance on US military installations and government IT organisations; scripting and development for network access tools; research into signing and deploying malicious Outlook VSTO add-ins; Active Directory enumeration commands; remote-access via Windows Event Log manipulation; post-compromise lateral movement and privilege-escalation research; reverse engineering of endpoint detection tools including Carbon Black EDR; and troubleshooting impacket and other offensive tooling. Google terminated the associated accounts.

AI platforms involved

Gemini

Related incidents (same country or vendor label)

Source note: Every entry in this catalog is derived from a primary public disclosure by the named platform vendor. This entry cites Google (GTIG) as the primary source. No private, speculative, or non-public claims are presented here.