Cybersecurity researchers have revealed that a suspected North Korean state-sponsored hacking group used ChatGPT to generate a deepfake military ID in a phishing campaign targeting South Korea. The incident highlights how attackers are increasingly exploiting artificial intelligence for cyber-espionage and malware development.
According to findings published in July by South Korean cybersecurity firm Genians, the hackers crafted a fake draft of a South Korean military identification card to make a phishing email appear authentic. While the email displayed a counterfeit ID, it contained malware designed to extract data from the recipient’s device.
The group behind the attack, known as Kimsuky, has long been linked to North Korea’s intelligence operations. A 2020 advisory from the US Department of Homeland Security stated that Kimsuky “is most likely tasked by the North Korean regime with a global intelligence-gathering mission.”
This case is part of a wider pattern of North Korean hackers turning to AI. In August, Anthropic reported that operatives had used its Claude Code tool to pose as software developers, pass coding tests, and secure remote jobs at US Fortune 500 companies. Earlier in February, OpenAI said it had banned accounts connected to North Korea that used its systems to create fraudulent résumés, cover letters, and social media content for recruitment scams.
Phishing targets in the latest campaign included South Korean journalists, researchers, and human rights activists working on North Korea-related issues. The malicious emails were sent from an address ending in .mil.kr, an imitation of a South Korean military domain. The number of victims affected remains unclear.
Genians researchers tested ChatGPT during their investigation and found that while the tool initially refused to generate a government ID due to policy restrictions, altering the prompt allowed the hackers to bypass safeguards.
Experts warn this trend demonstrates how attackers are leveraging AI not only for attack planning and malware development but also for creating fake identities, impersonating recruiters, and conducting espionage.
American officials allege that North Korea continues to use cyberattacks, cryptocurrency theft, and IT contractors to gather intelligence, generate illicit funds, and support its nuclear weapons programme in defiance of international sanctions.