North Korea-related hacking groups have carried out cyberattacks on South Korean organizations, including defense-related agencies, using deepfake images generated by artificial intelligence (AI), the report states Monday.
The Kimsky Group, a hacking unit believed to be sponsored by the North Korean government, attempted a spear phishing attack on military-related organizations in July, according to a report by the Genians Security Center (GSC), a South Korean security lab.
Spear phishing is a targeted cyberattack and is often done through personalized emails that are pretending to be trustworthy sources.
The attacker said he sent an email attached to malicious code that was disguised as a communication regarding the issuance of a military official's identity. The ID card images used in the attempt were estimated to have been generated by the Generated AI model, marking the case where Kimsuky group applies Deepfake technology.
Typically, AI platforms such as CHATGPT reject requests to generate copies of military IDs, stating that government-issued identification documents are legally protected.
However, the GSC report noted that it appears that hackers have bypassed the limits by requesting mockups or sample designs for “legitimate” purposes rather than direct replicating the actual ID.
The findings follow another report published by US-based humanity, the developer of AI service Claude.
The report found that workers generated virtual identities to receive technical assessments during job search, part of a broader scheme to avoid international sanctions and secure the administration's foreign currency.
The GSC said such incidents highlight North Korea's growing attempt to leverage AI services for increasingly sophisticated and malicious activities.
“AI services are powerful tools for increasing productivity, but also represent potential risks if exploited as a cyber threat at the national security level,” he said.
“As a result, organizations must actively prepare for possible AI misuse and maintain continuous security monitoring throughout their recruitment, operations and business processes.”
