A suspected North Korean state-sponsored hacking group used ChatGPT to create a deepfake of a military ID document to attack a target in South Korea, according to cybersecurity researchers.
Attackers used the artificial intelligence tool to craft a fake draft of a South Korean military identification card, producing a realistic-looking image meant to make a phishing attempt seem more credible, according to research published on Sunday by Genians, a South Korean cybersecurity firm. Instead of including a real image, the email linked to malware capable of extracting data from recipients’ devices, according to Genians.
The group responsible for the attack, which researchers have dubbed Kimsuky, is a suspected North Korea-sponsored cyberespionage unit previously linked to other spying efforts against South Korean targets. The US Department of Homeland Security said Kimsuky “is most likely tasked by the North Korean regime with a global intelligence-gathering mission”, according to a 2020 advisory.
ChatGPT initially refused to create the IDs, but altering the prompt allowed hackers to bypass this restriction.
The findings by Genians in July are the latest example of suspected North Korean operatives deploying AI as part of their intelligence-gathering work. Anthropic said in August it discovered North Korean hackers used the Claude Code tool to get hired and work remotely for US Fortune 500 tech companies. In that case, Claude helped them build up elaborate fake identities, pass coding assessments and deliver actual technical work once hired.
OpenAI representatives did not immediately respond to a request for comment outside normal working hours. The company said in February it had banned suspected North Korean accounts that had used the service to create fraudulent résumés, cover letters and social media posts to try recruiting people to aid their schemes.
The trend shows that attackers can leverage emerging AI during the hacking process, including attack scenario planning, malware development, building their tools and impersonating job recruiters, said Mun Chong-hyun, director at Genians.
Phishing targets in this latest cybercrime spree included South Korean journalists, researchers and human rights activists focused on North Korea. The phishing email was also sent from an address ending in .mil.kr, an impersonation of a South Korean military address.