North Korean cyber operatives are increasingly incorporating artificial intelligence (AI) into their tactics, using the technology to steal advanced technologies and acquire funds for their illicit nuclear weapons program. Over the years, these hackers have focused on personnel at global defense, cybersecurity, and cryptocurrency companies, using platforms like LinkedIn to deceive users into divulging sensitive information or granting access to computer networks and crypto wallets.
Well-known cyber attacks attributed to North Korea include the theft of $951 million from Bangladesh’s central bank and the WannaCry ransomware assault on the UK’s National Health Service in 2017.
Recent revelations from ChatGPT developer OpenAI and its investor Microsoft confirm that North Korean, Chinese, Russian, and Iranian hackers have used AI services to support malicious cyber activities. South Korea has detected instances where North Korean hackers employed generative AI, a technology that mimics human capabilities, to target security officials. The South Korean intelligence community remains vigilant, acknowledging the potential misuse of generative AI by North Korea.
Last year, South Korea experienced a staggering 1.62 million hacking attempts, with over 80% traced back to North Korea, as reported by the National Intelligence Service. However, the effectiveness of North Korean phishing and social engineering has been hindered by hackers’ limited proficiency in colloquial English or Korean.
The adoption of generative AI poses a significant challenge, according to Erin Plante, Vice President of Investigations at crypto-focused cybersecurity company Chainalysis. North Korean hacking groups have utilized generative AI to create convincing recruiter profiles on platforms like LinkedIn, allowing them to build relationships over an extended period.
Plante highlighted a case in which North Korean hackers, posing as recruiters from a Singaporean cryptocurrency exchange on LinkedIn, targeted a senior engineer at a Japanese exchange. The engineer was tricked into downloading software, which ultimately resulted in an infection with North Korean spyware. The attacks are becoming increasingly sophisticated, involving detailed profiles on professional networking sites.
Shreyas Reddy, an analyst with Seoul-based information service NK Pro, noted that while LinkedIn is a favored hunting ground for North Korean recruiters, they also exploit other platforms such as Facebook, WhatsApp, Telegram, and Discord for phishing attempts.
AI services like ChatGPT could potentially aid North Korean hackers in developing more advanced forms of malicious software, or malware, to infiltrate computer networks. Despite safeguards in these services, individuals have found ways to circumvent them, with North Koreans benefitting from access to Chinese AI services.
North Korea has dedicated decades to building its cyber capabilities, with the money generated from criminal cyber operations funding ballistic missile and nuclear programs, according to a UN panel of experts monitoring international sanctions. Researchers in North Korea have published numerous AI-related studies, and the country established an Artificial Intelligence Research Institute in 2013, with several universities introducing AI-focused programs.
While the sophistication of North Korean AI systems appears to be in its early stages, experts caution that the true extent of their capabilities may be concealed intentionally. Academic papers published in North Korean scientific journals, often in collaboration with Chinese scholars affiliated with military institutions, provide insight into Pyongyang’s exploration of AI applications for war gaming simulations and nuclear reactor operations.