North Korean Hackers Employ AI in Cyber Schemes, Reports Say

Hackers linked to North Korea are increasingly turning to artificial intelligence to execute fraudulent schemes and hacks, according to the Financial Times.

A South Korean intelligence representative told the publication that perpetrators from the neighboring country are using generative AI to deceive and compromise security personnel.

In 2023, out of 1.62 million hacking attempts against South Korean companies and government bodies, over 80% were attributed to North Korea.

However, North Korean hackers often failed due to poor language skills and a lack of understanding of local social interactions, according to South Korean speakers.

Erin Plante, Vice President of Research at Chainalysis, noted that hackers’ interest in AI represents a new significant threat.

“North Korean hacking groups create convincing recruiter profiles on professional sites like LinkedIn. Generative neural networks help them communicate, send messages, create images, and new identities—everything needed to build close relationships with the victim,” she explained.

Plante described an incident where North Korean hackers deceived a senior engineer at a Japanese cryptocurrency exchange by posing as representatives of a Singaporean company. They asked the victim to conduct a “technical test” by downloading software, which turned out to be phishing.

“The attacks are becoming more sophisticated—we are not talking about poorly worded emails saying ‘click the link’. These are detailed profiles on LinkedIn and other social networks that they use to build relationships over weeks and months,” the researcher added.

Shreyas Reddy, an analyst at Seoul-based information service NK Pro, stated that users of other platforms, including Facebook, WhatsApp, Telegram, and Discord, are also at risk.

In his view, AI services like ChatGPT help North Korean criminals develop more complex forms of malware. These tools have security measures to prevent malicious use, but even ordinary users can bypass the restrictions, Reddy added.

Hyuk Kim, a research associate at the James Martin Center for Nonproliferation Studies, noted that over the past two decades, North Korean researchers have published “hundreds of articles” on AI.

In one 2022 paper, they discussed a machine learning method for simulating military actions. Another article from the same year examined how large language models could assist in operating a nuclear reactor.

“As far as we can tell, the sophistication of North Korean AI systems is still in its infancy. But it is also possible that they simply do not want to reveal their capabilities,” Kim concluded.

Previously, developers at OpenAI thwarted the use of their products by cybercriminals linked to various governments. In collaboration with Microsoft Threat Intelligence, they removed five accounts of perpetrators, including those associated with North Korean hacking groups.

In 2023, North Korean hackers stole at least $600 million and were responsible for nearly a third of cyber incidents, according to a TRM Labs report.