Overview

• South Korean firm Genians reported that suspected DPRK unit Kimsuky generated a fake South Korean military ID image with ChatGPT to bolster a spear‑phishing lure.
• The campaign, detected on July 17, targeted a defense‑related organization along with journalists, North Korea researchers and human‑rights activists.
• Attack emails masqueraded as an ID card “draft review” and used a deceptive look‑alike domain, mli.kr, to mimic the official mil.kr address.
• The lure delivered malware tied to earlier Kimsuky ClickFix operations, with capabilities for internal data theft and remote control, according to Genians.
• Genians said the operators bypassed AI guardrails by requesting “mock‑up” designs, aligning with Anthropic and OpenAI findings on broader North Korean misuse of generative AI.