North Korean Hackers Used ChatGPT To Forge Deepfake Military ID in Cyberattack

A suspected North Korean state-sponsored hacking group used ChatGPT to create a deepfake South Korean military ID as part of a cyberattack.

In a rush? Here are the quick facts:

  • The phishing email carried malware designed to steal victims’ data.
  • The group behind the attack is the suspected North Korean unit “Kimsuky.”
  • Targets included journalists, researchers, and human rights activists in South Korea.

Attackers developed a fake ID card to boost their credibility during their phishing operation, as reported by Bloomberg. Instead of including a real image, the phishing email contained a link that triggered a malware download, designed to steal data from victims’ devices.

The hackers are believed to be part of Kimsuky, a group long suspected of working for Pyongyang. The US Department of Homeland Security said in 2020 that Kimsuky “is most likely tasked by the North Korean regime with a global intelligence-gathering mission,” as reported by Bloomberg.

Phishing targets in this latest attack included South Korean journalists, researchers, and human rights activists focusing on North Korea. Bloomberg explains that the phishing emails even used an address ending in “.mil.kr” to mimic the South Korean military. It remains unclear how many people were affected.

“Attackers can leverage emerging AI during the hacking process, including attack scenario planning, malware development, building their tools and to impersonate job recruiters,” said Mun Chong-hyun, director at Genians, the South Korean cybersecurity firm that first discovered the attack.

Bloomberg reports that Genians researchers discovered that ChatGPT initially refused to create an ID when asked, since reproducing government IDs is illegal in South Korea. But altering the prompt allowed them to bypass the restriction.

This isn’t the first case of North Korean hackers exploiting AI. For example, Anthropic reported in August that hackers used its Claude Code tool to get remote jobs at US Fortune 500 companies.

US officials warn North Korea continues to rely on cyberattacks, cryptocurrency theft, and IT contractors to both gather intelligence and fund its nuclear program.
