
A hacking group believed to be backed by the North Korean government has been caught using artificial intelligence (AI) tools such as ChatGPT to create deepfake military identifications (IDs) for South Korean soldiers in an attempt to launch cyber attacks.
According to a report by South Korean cybersecurity firm Genians, as cited by Bloomberg on September 14 (local time), the hacking group known as Kimsuky is reportedly engaged in global intelligence-gathering missions on behalf of the North Korean regime.
The Genians report details how Kimsuky hackers utilized ChatGPT to draft South Korean military identification cards, thereby making their phishing emails appear more authentic. These emails contained links embedded with malware capable of extracting data from the recipient’s device.
This cyber attack primarily targeted South Korean journalists, researchers, and North Korean human rights activists. The hackers disguised their email addresses using .mil.kr domains to mimic legitimate military institutions. Genians researchers discovered that while ChatGPT initially refused requests to generate government-issued IDs, the hackers managed to circumvent this safeguard by manipulating the prompts they gave the AI.
Genians analysts view this incident as the latest example of North Korean hackers actively incorporating AI into their intelligence-gathering operations.
In a related incident last August, AI company Anthropic uncovered a case where North Korean hackers used Anthropic’s AI tool Claude to pose as remote workers at a U.S. Fortune 500 tech company. These hackers created sophisticated fake identities, passed coding tests, and even performed actual work tasks.
Bloomberg also reported that OpenAI, the company behind ChatGPT, had previously blocked accounts suspected of having ties to North Korea. These accounts allegedly attempted to recruit individuals by generating false resumes, cover letters, and social media posts using ChatGPT.
The U.S. government has warned that North Korea is employing various tactics—including cyber attacks, cryptocurrency theft, and information technology (IT) personnel infiltration—to gather intelligence and secure funding. These efforts are believed to be aimed at circumventing international sanctions and financing their nuclear weapons program, Bloomberg added.