Hackers exploited ChatGPT to create a forged version of a South Korean military ID card in an attempt to trick recipients and gain access to their computers, according to Genians, a South Korean security company that uncovered the attack in July. Bloomberg reported Sunday that the hackers used AI capabilities to design a draft military ID that appeared authentic.
The fake card was used as bait. The hackers sent phishing emails disguised as requests to review a draft of a government employee's military ID. When recipients clicked the link to download the compressed file containing the supposed draft, they instead received malware. Once activated, the software installed the doctored ID image along with additional malicious files that enabled data theft and remote control of the infected devices.
The targets included journalists, academic researchers, and human rights activists focusing on North Korea. To boost credibility, the hackers sent the emails from an address ending in ".mli.kr," a domain crafted to mimic an official South Korean military address. The number of victims has not yet been determined.
A familiar spy unit with upgraded tools
The attack is believed to have been carried out by Kimsuky, a cyber-espionage unit suspected of operating under the orders of the North Korean regime. Kimsuky has been linked to multiple operations against South Korea. In 2020, the US Department of Homeland Security assessed that the group likely operates at the direction of Pyongyang and focuses on intelligence gathering worldwide.
It is not the first time Pyongyang has harnessed popular AI tools. In August, the US company Anthropic disclosed that North Korean hackers used its Claude Code platform to build fake identities, land jobs at major US tech firms, and even perform paid programming tasks. In February, OpenAI reported that it blocked accounts linked to attempts to create fake documents for recruitment and fraud.
Moon Chung-hyun of Genians said the case illustrates how cybercriminals are adapting cutting-edge technologies for malicious purposes, from planning attacks and developing malware to impersonating potential employers.
When Genians researchers attempted to replicate the process, ChatGPT initially refused to generate a forged government ID, citing South Korean law. But by rephrasing their request, they were able to bypass the restriction.
The US government has long warned that North Korea's cyber operations serve a dual purpose: espionage and revenue generation. By hacking computers, stealing cryptocurrency, and hiring programmers under false identities, the regime secures funds that help it evade international sanctions and advance its nuclear program.
