North Korean Hackers Use ChatGPT for Deepfake Military ID Phishing Campaigns

A North Korean state-sponsored hacking group called Kimsuky has used OpenAI's ChatGPT to create a deepfake South Korean military ID as part of a sophisticated phishing campaign targeting journalists, researchers, human rights activists, and military personnel in South Korea. The phishing emails, disguised to appear from legitimate military addresses ending in .mil.kr, contained malware designed to steal data from recipients' devices. Researchers from cybersecurity firms Genians and CrowdStrike revealed that the hackers bypassed ChatGPT's usage restrictions by altering prompts to produce convincing fake IDs, enhancing the credibility of their attacks. This represents a broader pattern of North Korea integrating AI tools like ChatGPT and Anthropic's Claude Code into espionage, including crafting fake résumés, passing coding tests, and infiltrating U.S. Fortune 500 companies. OpenAI has banned accounts linked to North Korea due to their misuse of AI to generate fraudulent content for recruitment and cyberespionage. Experts emphasize that North Korea now employs AI throughout the hacking process, from planning through execution, marking a significant escalation in cyber threat capabilities.