
AI-generated military IDs tapped by Kimsuky


Hackread reports that the North Korean state-sponsored advanced persistent threat operation Kimsuky has used artificial intelligence-generated military IDs in a new spear-phishing campaign first discovered in July. Kimsuky sent malicious emails purporting to be ID issuance tasks from a South Korean defense organization to spread a ZIP file containing deepfaked military IDs, which, when opened, trigger the covert download of an illicit file, according to an analysis from the Genians Security Center. The attackers then use batch files and AutoIt scripts to inject an illicit task masquerading as a Hancom Office update, while also using the "Start_juice" and "Eextract_juice" strings present in previous intrusions. The campaign, which comes after OpenAI reported that North Korean hackers had exploited AI to craft bogus identities for job interviews, represents a shift from Kimsuky's ClickFix intrusions. Organizations have been urged to adopt endpoint detection and response systems to better mitigate the threats of AI-powered cyber intrusions.
