'North Korea-linked' hackers target South Korean defense-related organization using AI deepfake: Report

ANKARA

A hacking group allegedly linked to North Korea has carried out a cyberattack on South Korean organizations, including a defense-related institution, using artificial intelligence (AI)-generated deepfake images, a South Korean security institute report said Monday.

Kimsuky group, a hacking unit, which according to Seoul, is believed to be sponsored by the North Korean government, attempted a spear-phishing attack on a military-related organization in July, Seoul-based Yonhap news agency reported, citing a report released by the Genians Security Center (GSC).

Spear phishing is a fraudulent practice of sending emails from trusted sources to obtain confidential information.

According to the GSC report, the attackers sent an email attached with malicious code, disguised as correspondence about ID issuance for military-affiliated officials.

The ID card image used in the attempt was presumed to have been produced by a generative AI model.

Typically, AI platforms, such as ChatGPT, reject requests to generate copies of military IDs, quoting that government-issued identification documents are legally protected.

The hackers, nonetheless, appear to have bypassed restrictions by requesting mock-ups or sample designs for "legitimate" purposes, rather than direct reproductions of actual IDs.

The report further said such cases highlight Pyongyang's "growing attempts to exploit AI services for increasingly sophisticated malicious activities."

"While AI services are powerful tools for enhancing productivity, they also represent potential risks when misused as cyber threats at the level of national security," it said.

"Therefore, organizations must proactively prepare for the possibility of AI misuse and maintain continuous security monitoring across recruitment, operations and business processes," the report maintained.

*Writing by Aamir Latif