North Korean hackers used ChatGPT to help forge deepfake ID
By Jane Lanhee Lee, Bloomberg

A suspected North Korean state-sponsored hacking group used ChatGPT to create a deepfake of a military ID document to attack a target in South Korea, according to cybersecurity researchers.
Attackers used the artificial intelligence tool to craft a fake draft of a South Korean military identification card in order to create a realistic-looking image meant to make a phishing attempt seem more credible, according to research published Sunday by Genians, a South Korean cybersecurity firm.
Instead of including a real image, the email linked to malware capable of extracting data from recipients’ devices, according to Genians.
The group responsible for the attack, which researchers have dubbed Kimsuky, is a suspected North Korea-sponsored cyber-espionage unit previously linked to other spying efforts against South Korean targets.
The US Department of Homeland Security said Kimsuky “is most likely tasked by the North Korean regime with a global intelligence-gathering mission,” according to a 2020 advisory.
The findings by Genians in July are the latest example of suspected North Korean operatives deploying AI as part of their intelligence-gathering work.
Anthropic said in August it discovered North Korean hackers used the Claude Code tool to get hired and work remotely for US Fortune 500 companies.
In that case, Claude helped them build up elaborate fake identities, pass coding assessments and deliver actual technical work once hired.
OpenAI said in February it had banned suspected North Korean accounts that had used the service to create fraudulent résumés, cover letters and social media posts to try recruiting people to aid their schemes.
The trend shows that attackers can leverage emerging AI during the hacking process, including attack scenario planning, malware development, building their tools and impersonating job recruiters, said Mun Chong-hyun, director at Genians.
Phishing targets in this cybercrime spree included South Korean journalists and researchers and human rights activists focused on North Korea.
It was also sent from an address ending in .mil.kr, an impersonation of a South Korean military address. Exactly how many victims were breached wasn’t immediately clear.
Genians researchers experimented with ChatGPT while investigating the fake identification document.
As reproduction of government IDs is illegal in South Korea, ChatGPT initially returned a refusal when asked to create an ID. But altering the prompt allowed them to bypass the restriction.
American officials have alleged that North Korea is engaged in a long-running effort to use cyberattacks, cryptocurrency theft and IT contractors to gather information on behalf of the government in Pyongyang.
Those tactics are also used to generate funds meant to help the regime subvert international sanctions and develop its nuclear weapons programs, according to the US government.