North Korean Hackers Used ChatGPT to Help Forge Deepfake ID
A newly reported cyberattack shows that North Korean hackers used the popular AI chatbot ChatGPT to create a deepfake identity document, further highlighting the growing threat of state-sponsored hacking groups in the region. The group responsible for the attack, dubbed Kimsuky by cybersecurity researchers, is suspected to be a North Korea-sponsored cyber-espionage unit with a history of attacks on South Korean targets.
The attackers used ChatGPT to craft a fake draft of a South Korean military identification card, creating a realistic-looking image that would make phishing attempts seem more credible. Instead of including a real image, the email linked to malware capable of extracting data from recipients' devices, according to research published by Genians, a South Korean cybersecurity firm.
The malicious emails were sent to unsuspecting targets in South Korea, including journalists, researchers, and human rights activists focused on North Korea. The attackers even impersonated a South Korean military address with an email signature ending in .mil.kr, adding an air of authenticity to the phishing attempt.
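A defender-side check for the impersonation described above, as an added example that is not from Genians or the original article: it flags mail whose text cites a .mil.kr address while the From domain lies outside that suffix, and mail that uses the suffix without a DMARC pass. The sample message, the example.* domains and the function names are constructed for illustration, and it assumes the Authentication-Results header was stamped by the receiving gateway.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

PROTECTED_SUFFIX = ".mil.kr"  # the suffix the article says was impersonated

# Constructed sample: From is outside the suffix, the signature claims it.
SAMPLE = (
    "From: Personnel Office <notice@example.net>\n"
    "To: reporter@example.org\n"
    "Subject: ID card draft for review\n"
    "Authentication-Results: mx.example.org; dmarc=pass header.from=example.net\n"
    "\n"
    "Please review the attached draft.\n"
    "--\n"
    "Personnel Office <hr@example.mil.kr>\n"
)

def _domain(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def impersonation_findings(raw, suffix=PROTECTED_SUFFIX):
    """List reasons a message claiming `suffix` should not be trusted."""
    msg = message_from_string(raw, policy=policy.default)
    from_hdr = str(msg.get("From", ""))
    from_domain = _domain(from_hdr)
    part = msg.get_body(preferencelist=("plain",))
    text = parseaddr(from_hdr)[0] + "\n" + (part.get_content() if part else "")
    # Addresses under the suffix quoted in the display name or body/signature.
    cited = re.findall(r"[\w.+-]+@([\w.-]+" + re.escape(suffix) + r")\b", text, re.I)
    in_suffix = from_domain.endswith(suffix)
    findings = []
    if cited and not in_suffix:
        findings.append(f"cites {cited[0].lower()} but From domain is {from_domain or 'missing'}")
    # Assumption: Authentication-Results was stamped by your own gateway;
    # copies of that header arriving from outside must be stripped upstream.
    auth = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    dmarc = re.search(r"\bdmarc=(\w+)", auth, re.I)
    if in_suffix and (dmarc is None or dmarc.group(1).lower() != "pass"):
        findings.append("From uses the protected suffix without dmarc=pass")
    return findings

if __name__ == "__main__":
    for reason in impersonation_findings(SAMPLE):
        print("FLAG:", reason)
```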
Genians researchers experimented with ChatGPT while investigating the fake identification document and were able to bypass the AI's initial restriction on reproducing government IDs. This finding highlights the rapid evolution of cyberattack tactics and the growing use of emerging AI tools by North Korean hackers.
"The trend shows that attackers can leverage emerging AI during the hacking process, including attack scenario planning, malware development, building their tools and impersonating job recruiters," said Mun Chong-hyun, director at Genians. "This is a significant concern for cybersecurity professionals and policymakers alike."
The use of ChatGPT and other AI tools by North Korean hackers is part of a broader trend in state-sponsored hacking efforts. Researchers have previously discovered that the group is linked to other spying efforts against South Korean targets, including the use of cryptocurrency theft and IT contractors to gather information on behalf of the government.
American officials have alleged that North Korea is engaged in a long-running effort to use cyberattacks, cryptocurrency theft, and IT contractors to gather information on behalf of the government in Pyongyang. These tactics are also used to generate funds meant to help the regime subvert international sanctions and develop its nuclear weapons programs.
The Implications of this Attack
The attack highlights the growing threat of state-sponsored hacking groups and their use of emerging AI tools. It also underscores the importance of cybersecurity awareness and education in preventing such attacks. As the use of AI tools by hackers continues to evolve, it is essential for individuals and organizations to stay vigilant and adapt their security measures accordingly.
The Response
Genians researchers are urging individuals and organizations to be cautious when interacting with emails or messages that seem too good (or bad) to be true. They also recommend regularly updating software, using strong passwords, and enabling two-factor authentication to prevent falling victim to phishing attacks.
The Future of Cybersecurity
The use of ChatGPT and other AI tools by North Korean hackers is a significant concern for the cybersecurity community. As these tools continue to evolve, it will be essential for researchers and policymakers to stay one step ahead of these threats. By working together, we can build a safer online environment and prevent the spread of misinformation and cyberattacks.