North Korean hackers use AI to create fake military IDs for attacks

Applications of AI
Michael LewisLeave a Comment on North Korean hackers use AI to create fake military IDs for attacks


newYou can listen to Fox's news articles!

A North Korean hacking group known as Kimsuky used ChatGpt to generate a fake draft of South Korean military IDs. The forged ID was then attached to a phishing email impersonating the South Korean defense agency responsible for issuing qualifications to military officials. Korean cybersecurity company Jénaian revealed the campaign in a recent blog post. CHATGPT has safeguards that block blocks that try to generate government IDs, but hackers have fooled the system. Jennaian said the model produced a mockup that looked realistic when prompts were assembled as “sample designs for legitimate purposes.”

Sign up for my free CyberGuy Report
Get my best tech tips, emergency security alerts, and exclusive transactions directly to your inbox. Plus, you'll get instant access to my ultimate scam survival guide – free when you join me cyberguy.com/newsletter

Virtual ID cards generated by AI

An example of a virtual ID card generated by AI. (genius)

How North Korean hackers use AI for global espionage

Kimsky is not a small operator. The group is linked to a series of espionage activities against South Korea, Japan and the United States in 2020, the US Department of Homeland Security said Kimsky “is most likely to be in charge of the mission of the global intelligence reporting agency by the North Korean regime.” Jenian, who revealed the fake ID scheme, said in this latest case it highlights how much AI has changed the game.

“Generative AI has lowered the barrier to intrusion for sophisticated attacks. As this case shows, hackers can now create highly persuasive fake IDs and other fraudulent assets at scale. The real concern is not just a single fake document, but the way these tools are used in combination. Sandy Kronenberg, CEO and founder of cybersecurity and IT services company Netarx, is verifying across multiple signals, including voice, video, email, and metadata, to reveal that AI-driven fraud cannot be completely hidden.

PNG file metadata

North Korea is not the only country that uses AI for cyberattacks.

Hackers abuse AI chatbots with cybercrime

Chinese hackers abuse AI for cyber attacks

North Korea is not the only country that uses AI for cyberattacks. Anthropic, an AI research company and creator of Claude Chatbot, reported that a Chinese hacker used Claude as a full-stack cyberattack assistant for over nine months. Hackers target Vietnamese telecom providers, agricultural systems and even government databases.

According to Openai, Chinese hackers tapped ChatGpt to create password brute-enhanced scripts to delve into sensitive information about US defense networks, satellite systems and identity verification systems. Some of our operations utilized ChatGpt to generate fake social media posts designed to blow up the political sector of the United States.

Google has seen similar behavior on the Gemini model. The Chinese group reportedly used it to troubleshoot the code and extend access to the network, but the North Korean hacker leaned against Gemini to draft a cover letter and scouted the job posting.

Google AI Email Summary Can Be Hacked to Hide Phishing Attacks

Attack scenario illustration

The above features a revival of hacker attack scenarios. (genius)

Why is the threat of hacking that drives AI important?

Cybersecurity experts say the shift is amazing. AI tools make it easier than ever for hackers to launch compelling phishing attacks, generate perfect fraud messages, and hide malicious code.

“The news that North Korean hackers fake Deepfake Military IDS using generated AI is a wake-up call. The rules of the phishing game have changed and the old signals we were dependent on are gone,” explained Clyde Williamson, senior product security architect at Protegrity, a data security and privacy company. “For years, employees were trained to look for typos and formatting issues. That advice no longer applies. They tricked ChatGpt into designing fake military IDs by asking for a 'sample template'. The results were clean and convincing.

“Security training requires a reset. You need to teach people to focus on context, intent and validation. That means encouraging teams to slow down, check sender information, review requests via other channels, and shame them in asking questions,” Williamson added. “On the technical side, businesses need to invest in email authentication, phishing-resistant MFA, and real-time surveillance. The threats are faster, smarter, and more persuasive. Our defenses are needed for the individual.

How AI Chatbots help hackers target your bank account

How to protect yourself from AI-powered scams

Keeping yourself safe in this new environment requires both awareness and action. Here's the steps you can take right now:

1) Slow down, check and use powerful virus prevention

If you receive an email, text, or phone call that feels urgent, please pause. Before you act, contact the sender to confirm your request through another trusted channel. At the same time, protect your device with powerful antivirus software to catch malicious links and downloads.

The best way to protect yourself from malicious links to install malware is to install powerful antivirus software on all your devices, as it may access your personal information. This protection can also warn you that it will phish email and ransomware fraud and keep your personal information and digital assets safe.

Get the best 2025 Antivirus Protection Winners picks for Windows, Mac, Android and iOS devices cyberguy.com/lockupyourtech

2) Use personal data removal service

Reduce risk by scrubbing personal information from data broker sites. These services help to remove sensitive details that scammers often use in targeted attacks. Although there is no service that guarantees the complete deletion of data from the Internet, data deletion services are truly a wise choice. They are not cheap and not your privacy either. These services do all of their work by proactively monitoring and systematically erasing personal information from hundreds of websites. It has given me peace of mind and has proven to be the most effective way to erase personal data from the internet. By limiting the available information, you reduce the risk that scammers cross-referencing your data from violations, providing information they may find on the dark web, making it difficult for them to target you.

Check out our top picks from our data deletion services to get a free scan and see if your personal information is already accessing the web cyberguy.com/delete

Get a free scan to see if your personal information is already visible on the web. cyberguy.com/freescan

3) Carefully check the sender details

Please check your email address, phone number, or social media handle. Even if the message appears to be polished, small inconsistencies can reveal the fraud.

4)Use Multifactor Authentication (MFA)

Turn on Multifactor Authentication (MFA) for your account. This adds an additional layer of protection even if the hacker steals your password.

5) Update the software

Update your operating system, apps and security tools. Many updates patch vulnerabilities that hackers are trying to exploit.

6) Report suspicious messages

If something feels bad, please report it to your IT team or email provider. Early reporting can stop wider damage.

7) raises doubts about the context

Ask yourself why you are receiving the message. Does that make sense? Are requests rare? Trust your instincts and check before taking action.

Click here to get the Fox News app

Important takeouts in your cart

AI is rewriting cybersecurity rules. North Korean and Chinese hackers have already used tools like ChatGpt, Claude and Gemini to infiltrate businesses, forge their identities and carry out elaborate fraud. Their attacks are cleaner, faster and more convincing than ever. Staying safe means staying vigilant at all times. Companies need to update their training and build stronger defenses. Before trusting digital requests, everyday users should question and double check what is being shown, as they are slowing down and ask.

Do you think AI companies are doing enough to stop hackers from misusing their tools, or are the responsibility becoming too heavy for everyday users? Write us a letter and let us know cyberguy.com/contact

Sign up for my free CyberGuy Report
Get my best tech tips, emergency security alerts, and exclusive transactions directly to your inbox. Plus, you'll get instant access to my ultimate scam survival guide – free when you join me cyberguy.com/newsletter

Copyright 2025 cyberguy.com. Unauthorized reproduction is prohibited.

Kurt “Cyberguy” Knutsson is an award-winning tech journalist who loves technology, gear and gadgets that will make your life better with his Fox News & Fox Business contributions in the morning of “Fox & Friends.” Do you have any technical questions? Get Kurt's free CyberGuy newsletter and share your voice, story ideas, or comments at Cyberguy.com.



Source link

Related Posts

Dedicated software development for AI-powered products: Efficiently expand intelligent applications | Nascom

Michael Lewis

Google Stitch AI design tool with Gemini Voice and agents

Michael Lewis

Senate considers a series of bills to regulate the use of AI in the workplace – InForum

Michael Lewis

Leave a Reply

Your email address will not be published. Required fields are marked *