TLDR: The North Korean state-sponsored hacking group Kimsuky has been identified using OpenAI’s ChatGPT to generate highly realistic fake South Korean military identification cards. These AI-forged documents were then deployed in sophisticated phishing campaigns targeting South Korean journalists, researchers, and defense personnel, marking a significant escalation in AI-driven cyber espionage.
A recent cybersecurity alert has revealed that the notorious North Korean state-linked hacking group, Kimsuky, has adopted advanced artificial intelligence tools, specifically OpenAI’s ChatGPT, to enhance its cyber espionage capabilities. The group successfully utilized the large language model to create convincing mock-ups of South Korean military identification cards, which were subsequently used in a targeted phishing campaign.
According to cybersecurity firm Genians, which uncovered the operation in mid-2025, the attackers managed to bypass ChatGPT’s inherent restrictions against generating government identification by employing carefully manipulated prompts. These AI-generated IDs were then embedded or referenced in phishing emails designed to impersonate legitimate South Korean defense institutions. The emails, appearing highly credible, aimed to trick recipients into clicking malicious links or downloading malware-laden attachments capable of siphoning sensitive data.
The primary targets of this sophisticated campaign included South Korean journalists, researchers, human rights activists focused on North Korea, and defense-sector personnel. The use of AI-generated deepfake military IDs represents a significant tactical advancement for Kimsuky, a group long known for its cyber-espionage activities against South Korea, the U.S., and its allies.
This incident underscores a critical evolution in North Korea’s cyber strategy, which has increasingly embraced AI to bolster deception. Experts note that while ChatGPT initially refused to create the IDs, the hackers’ ability to circumvent these safeguards highlights the growing challenge of preventing the weaponization of commercial AI platforms by nation-state actors. The integration of AI tools makes these attacks more convincing and harder to detect, raising the stakes in social engineering.
North Korea’s cyber operations are extensive, with an estimated 6,000 hackers reportedly conducting increasingly sophisticated activities since 2014, including high-profile incidents like the Sony Pictures hack. These cyber activities are crucial for Pyongyang’s sanctions evasion and revenue generation, financing its nuclear weapons ambitions.
Microsoft and OpenAI have also indicated that other state-sponsored groups, including Russia’s Fancy Bear, China’s Charcoal Typhoon, and Iran’s Crimson Sandstorm, have used large language models for intelligence gathering and phishing operations, such as researching satellite communication protocols or creating counterfeit documents. This broader trend emphasizes that AI-powered cybercrime is no longer theoretical. Staying ahead of adversaries calls for updated employee awareness training, stronger authentication protocols, and investment in tools capable of detecting synthetic media.


