Particle.news

Kimsuky Used ChatGPT to Forge Military ID in South Korea Phishing, Report Says

Researchers link the July spear-phishing to Kimsuky based on prompt‑engineered deepfake IDs.

Overview

  • South Korean firm Genians reported that suspected DPRK unit Kimsuky generated a fake South Korean military ID image with ChatGPT to bolster a spear‑phishing lure.
  • The campaign, detected on July 17, targeted a defense‑related organization along with journalists, North Korea researchers and human‑rights activists.
  • Attack emails masqueraded as an ID card “draft review” and used a deceptive look‑alike domain, mli.kr, to mimic the official mil.kr address.
  • The lure delivered malware tied to earlier Kimsuky ClickFix operations, with capabilities for internal data theft and remote control, according to Genians.
  • Genians said the operators bypassed AI guardrails by requesting “mock‑up” designs, aligning with Anthropic and OpenAI findings on broader North Korean misuse of generative AI.