North Korean operation uses ChatGPT to forge military IDs as part of cyberattack
therecord.media/north-kor…

North Korean hackers exploited OpenAI’s ChatGPT to generate deepfake military ID cards in a phishing campaign against South Korean defense-related institutions, researchers have found.

The July attack was attributed to the Kimsuky group, also known as APT43, which has been sanctioned by Washington and its allies for supporting Pyongyang’s foreign policy and sanctions-evasion efforts through intelligence-gathering operations.

According to South Korean cybersecurity firm Genians, the hackers used ChatGPT to create sample images of South Korean government and military employee ID cards. The images were embedded in phishing emails crafted to appear as if they came from a legitimate South Korean defense agency handling identification services for military officials.

The emails delivered a fake ID card alongside malware that enabled data theft and remote access to victims’ systems.

Edward Kiledjian @ekiledjian