North Korean hackers used ChatGPT to create a fake South Korean military ID for a phishing attack

A North Korea-backed hacking group called Kimsuky used ChatGPT to build a fake South Korean military ID and launched a phishing attack targeting journalists, researchers, and human rights workers, according to cybersecurity firm ￰0￱ email carrying the deepfake ID contained malware built to steal information from the recipients’ ￰1￱ campaign is part of a wider pattern of North Korean cyber-operations using AI to carry out global ￰2￱ phishing email was disguised to look like it came from a real military account, ending ￰3￱ was no photo attachment, no image of the ID. Instead, there was a hidden payload ready to infect the target’s ￰4￱ confirmed that the fake military ID was generated using ChatGPT after bypassing the platform’s ￰5￱ asked to generate the ID directly, the tool initially ￰6￱ researchers managed to bypass the block by changing how the prompt was ￰7￱ the prompt was rewritten, the system produced a convincing draft, enough to bait victims into clicking the embedded ￰8￱ tools help North Korean hackers build fake résumés, identities, and malware The same strategy wasn’t limited to South ￰9￱ August, the AI firm Anthropic said it found North Korean hackers using its Claude Code model to apply for remote jobs with ￰10￱ 500 ￰11￱ hackers used Claude to pass coding interviews, create full work histories, and even do technical assignments after getting ￰12￱ operation gave North Korea direct access to corporate systems inside the ￰13￱ needing to break through any ￰14￱ February, OpenAI banned accounts tied to North Korea that had used its tools to make fake résumés, cover letters, and social media ￰15￱ profiles were designed to trick people into helping the regime’s campaigns, knowingly or ￰16￱ Chong-hyun, director at Genians, said these new techniques show how North Korea has now integrated AI at every stage of the hacking process, from planning and tool creation to phishing and impersonation.

“Attackers can use AI to map scenarios, write malware, and even pretend to be recruiters,” Mun ￰17￱ ￰18￱ has said that North Korea’s cyber efforts are part of a bigger ￰19￱ believe the regime in Pyongyang is using hacking, crypto theft, and shadow IT contracts to collect data, gather intelligence, and generate funds to support its nuclear weapons program while dodging international ￰20￱ in 2020, the ￰21￱ of Homeland Security issued a formal advisory describing Kimsuky as being “most likely tasked by the North Korean regime with a global intelligence-gathering mission.” The group has been active since 2012 and has focused its attacks on foreign policy experts, think tanks, and government agencies in South Korea, Japan, and the United ￰22￱ of the time, they use spearphishing emails to gain entry into systems, extract sensitive information, and track high-level discussions about nuclear strategy, sanctions, and regional ￰23￱ South Korean officials warn of rising threat The Genians report also confirmed that the latest victims were carefully ￰24￱ hackers went after people with strong ties to issues surrounding North Korea, such as activists, journalists, and defense researchers.

It’s still unknown how many devices were actually ￰25￱ the fact that they were able to spoof a South Korean military email domain and insert malware into a seemingly harmless message shows how dangerous this method ￰26￱ the investigation, Genians tried replicating the hackers’ method using ChatGPT ￰27￱ experiment confirmed that while ChatGPT is designed to block illegal content like fake government IDs, attackers were still able to work around it with minor changes in ￰28￱ end result was an ID template that didn’t look suspicious until it was too late. CISA, FBI, and CNMF have now called on anyone working in sensitive fields related to North Korea to tighten their ￰29￱ warned that Kimsuky continues to use phishing, fake recruiter accounts, and spoofed domains to get into ￰30￱ main suggestions include enabling multi-factor authentication, rolling out phishing awareness training, and setting up stronger filters for suspicious ￰31￱ ￰32￱ community has long said that cyber operations are now one of North Korea’s primary tools for bypassing ￰33￱ seen where it ￰34￱ in Cryptopolitan Research and reach crypto’s sharpest investors and builders.