AI-Based Attacks , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

North Korean Hackers Using AI in Advanced Cyberattacks

U.S.-Led Sanctions Do Little to Curtail North Korea's Development of AI
North Korean Hackers Using AI in Advanced Cyberattacks
Students at a computer learning program at the Grand People's Study House in Pyongyang (Image: Shutterstock)

South Korea's intelligence agency reported Wednesday that North Korean hackers are using generative AI technology to conduct sophisticated cyberattacks and identify hacking targets.

See Also: Live Webinar | Digital Doppelgängers: The Dual Faces of Deepfake Technology

An official from the National Intelligence Service said the agency is monitoring North Korea's use of generative AI in cyberwarfare efforts.

"North Korean hackers are using generative AI to find hacking targets and technologies needed for hacking," the official told the Yonhap News Agency.

The National Intelligence Service announced its cyberthreat outlook for 2024 on Thursday, highlighting the use of generative AI by cybercriminals for phishing and voice phishing, known as vishing, which involves posing as recognized companies or individuals over phone calls to deceive victims.

The agency also warned of potential North Korean efforts to disrupt infrastructure and public services, spread disinformation, and influence elections through hacking.

"Fluctuating dynamics around the Korean Peninsula, such as intensified Korea-U.S.-Japan cooperation and increased North Korea-Russia exchanges, are leading to more hacking attempts on our diplomatic, security, and advanced K-technology sectors by North Korea and China," NIS warned.

The official reported that in 2023, 80% of hacking attempts on South Korea's public sector were by North Korean hackers, mainly targeting valuable intellectual property.

In August 2023, North Korean group Kimsuky attempted to infiltrate a U.S.-South Korean military exercise to gain information on military strategies (see: North Korea's Kimsuky Group Targeted US-Korean Drills).

Later, the National Intelligence Service reported "intensive hacking attacks" by North Korean hackers on South Korean shipbuilders to steal naval secrets. "Such attacks are expected to continue," the agency said (see: North Korean Hackers Target South Korean Naval Shipyards).

In December, South Korean police reported that North Korean hackers had stolen about 1.2 terabytes of defense data, including advanced anti-aircraft weapon information (see: North Korean Hackers Steal South Korean Anti-Aircraft Data).

North Korea's Advanced AI R&D Program

The National Intelligence Service warned that North Korea's AI capabilities could lead to more severe and targeted attacks in 2024.

A study by 38 North revealed North Korea's mature AI ecosystem, in which government and private entities have advanced machine learning skills.

North Korea used AI tools during the COVID-19 pandemic to monitor mask compliance and track symptom detection. Its agencies have also applied pattern optimization in nuclear safety and war-gaming simulations.

North Korean private organizations claim to have incorporated deep neural network technology in security surveillance systems and intelligent IP cameras and used it to enable fingerprint, voice, facial and text recognition on mobile phones.

Kim Hyuk, the study's author, said North Korea's comprehensive AI/ML development strategy spans government, academic and commercial sectors. "North Korea has demonstrated a comprehensive approach to developing its AI/ML capabilities across sectors," he said.

Hyuk said North Korea's AI efforts date back to the 1990s in areas such as weather forecasting and hydro turbine monitoring. The country established the Artificial Intelligence Research Institute in 2013, and numerous universities followed suit, conducting AI/ML research.

Regime Resilient to Sanctions

Despite U.S.-led sanctions limiting North Korea's global AI technology adoption, Hyuk said, the regime is collaborating with Chinese institutions to develop AI for military use.

"North Korea's AI collaborations pose risks to the sanctions regime. The conversion of civilian AI into military applications, particularly in cloud computing environments, is concerning," Hyuk warned. "International conferences might also be exploited by North Korea for technical assistance."

Western governments are aware of North Korea's AI-driven cyberattack capabilities. U.S. Deputy National Security Advisor Anne Neuberger said of North Korea's efforts to use AI for malicious purposes.

"We have observed some North Korean and other nation-state criminal actors try to use AI models to help accelerate writing malicious software and finding systems to exploit," she said, adding that the U.S. is spearheading efforts to leverage AI to bolster its cyber defense capabilities.

A study by the Korea Economic Institute of America in 2022 suggests that North Korea plans to enhance its cyberattacks and defenses with AI. It says the country has devoted vast resources to research the latest technologies and create large-scale cyber units within its military.

"While Pyongyang's human-conducted cyberattacks have been quite effective to date, there are nonetheless some good reasons to think that in the future it may seek to incorporate AI in its offensive cyber operations, especially if its targets begin to degrade the effectiveness of Pyongyang's cyberattacks by adopting AI-enabled anomaly detection," the study says.

"Though the North is connected to the global Internet through only a fairly limited number of access points today, should its own economy develop greater touchpoints with the outside internet, the North would likely see increased value in AI-enabled cyber defenses."


About the Author

Jayant Chakravarti

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.