Fake military IDs, bogus résumés: How North Korean and Chinese hackers use AI tools to infiltrate companies and other targets

Recent investigations reveal that North Korean and Chinese hacker groups are leveraging advanced AI tools to enhance their cyber espionage activities and infiltrate various organizations. A notable case involves the North Korean hacking collective known as Kimsuky, which utilized ChatGPT to create a counterfeit draft of a South Korean military identification card. These fraudulent IDs were sent in phishing emails purporting to be from a South Korean defense agency responsible for issuing credentials to military personnel. Cybersecurity firm Genians highlighted that Kimsuky has been associated with numerous espionage operations targeting individuals and institutions in South Korea, Japan, and the United States. The U.S. Department of Homeland Security previously indicated that this group is likely on a worldwide intelligence-gathering mission directed by the North Korean regime. While ChatGPT has safeguards to prevent the generation of authentic government IDs, it can still be manipulated into producing realistic mock-ups by framing requests as sample designs for legitimate purposes, according to Genians. This is not an isolated incident; last month, Anthropic reported that North Korean hackers had employed its AI tool, Claude, to secure fraudulent remote jobs with American Fortune 500 technology firms. They crafted convincing résumés, passed coding assessments, and completed actual technical assignments once they gained employment. U.S. officials have previously warned that North Korean operatives are infiltrating U.S. companies using stolen identities as part of broader extortion schemes. Furthermore, Anthropic noted that a Chinese hacker spent over nine months utilizing Claude as a comprehensive cyberattack assistant against significant Vietnamese telecommunications providers and government databases. In June, an OpenAI report indicated that Chinese hackers have also tapped into ChatGPT for their cyber campaigns. They requested the AI to generate scripts for "password bruteforcing"—a method that attempts to guess username and password combinations. Additionally, they employed ChatGPT to gather intelligence on U.S. defense networks and government ID verification processes. OpenAI flagged a China-based influence operation that created divisive social media posts using ChatGPT, including generating fake profile images to enhance the authenticity of their accounts. This highlights the growing trend of AI misuse in cyber operations. Moreover, North Korean and Chinese hackers have explored Google's Gemini to expand their tactics. Chinese groups have utilized the chatbot for code troubleshooting and gaining deeper access to targeted networks, while North Korean actors have used it to draft fake cover letters and scout potential IT job openings. Despite these challenges, tech companies like OpenAI and Google are continuously refining their defenses against such threats. Cybersecurity experts have long cautioned that AI could significantly lower the barrier for conducting hacking and disinformation campaigns. As malicious actors increasingly exploit AI models, the frequency of attacks is rising, with many experts observing that even those with minimal technical skills can now easily create convincing phishing messages and impersonate legitimate entities. The evolving landscape of cyber threats underscores the urgent need for enhanced security measures as AI continues to play a pivotal role in both facilitating and combating cybercrime.