ChatGPT exploited by North Korea-linked group to target South Korean journalists and activists
ChatGPT initially blocked the ID creation requests, but hackers bypassed safeguards by rephrasing prompts.
AI tools, including Claude and ChatGPT, are increasingly used in state-sponsored cyber-espionage operations.
Hackers even spoofed official South Korean military email addresses to enhance phishing credibility.
In a recent phishing campaign, a hacker group with ties to North Korea is allegedly creating fake South Korean military ID cards using OpenAI’s well-known AI chatbot, ChatGPT, according to new research from Genians. The group, known as Kimsuky, reportedly created a fake draft of a military ID to make malicious emails appear more authentic.
According to Genians’ report, the phishing message linked to malware that could steal data from victims’ devices, rather than to an authentic attachment. South Korean journalists, researchers, and human rights activists who focused on North Korea were among those targeted.
The group is said to be a state-sponsored cyber-espionage unit that has previously been linked to intelligence operations against South Korea and other countries. According to a 2020 advisory from the US Department of Homeland Security, the group works on Pyongyang’s behalf to conduct global surveillance activities.
The researchers stated that ChatGPT initially rejected the prompts to generate a government ID image, but the attackers were able to get around the safeguard by rephrasing their requests. While the deepfake ID appeared realistic, its purpose was to add credibility to the phishing lure rather than to provide an actual document.
The incident highlights a growing trend of North Korean operatives using artificial intelligence in cyber operations. Anthropic, an AI firm, reported in August that hackers from the country had used its Claude tool to pose as software developers and secure remote work with US technology companies. Earlier this year, OpenAI announced that it had banned North Korean accounts that attempted to use its platform to create fraudulent résumés and recruitment materials.
According to Genians, AI tools are now being used at various stages of cyberattacks, ranging from planning and malware development to impersonation of trusted entities. In this latest case, hackers even spoofed an official South Korean military email address ending in .mil.kr to deceive recipients.
Ashish Singh