North Korean hackers use ChatGPT to create deepfake military IDs
What's the story
A suspected state-sponsored hacking group from North Korea has been accused of using OpenAI's ChatGPT to create a deepfake military identification card. The move was part of an attempt to launch a cyber attack on South Korea, Genians, a South Korean cybersecurity firm, said in its report. The fake ID was created using the AI tool and was intended to make phishing attempts look more authentic.
Cyber strategy
Spy group 'Kimsuky' behind the attack
Instead of a real image, the attackers linked malware capable of extracting data from recipients' devices. The group behind the attack, dubbed Kimsuky, is believed to be a North Korean-sponsored cyber-espionage unit with ties to other spying efforts against South Korean targets. A 2020 advisory by the US Department of Homeland Security had said Kimsuky "is most likely tasked by the North Korean regime with a global intelligence-gathering mission."
Recruitment tactics
Hackers used AI to get jobs at tech firms
In August, Anthropic revealed that North Korean hackers had used its Claude Code tool to get hired and work remotely for US Fortune 500 tech companies. The AI tool helped them create elaborate fake identities, pass coding assessments, and deliver actual technical work once hired. OpenAI had also banned suspected North Korean accounts in February that used its service to create fraudulent resumes, cover letters, and social media posts for recruitment purposes.
AI abuse
Phishing attacks on South Korean journalists and researchers
Mun Chong-hyun, director at Genians, said the trend shows attackers can use emerging AI during the hacking process. This includes attack scenario planning, malware development, building their tools, and impersonating job recruiters. The latest phishing targets were South Korean journalists and researchers as well as human rights activists focusing on North Korea.
AI interaction
Genians researchers bypassed ChatGPT's restrictions to create fake IDs
While investigating the fake ID document, Genians researchers tried using ChatGPT. As reproducing government IDs is illegal in South Korea, ChatGPT initially refused to create an ID. However, by changing the prompt, they were able to bypass this restriction.