North Korean Hackers Used ChatGPT To Forge Deepfake Military ID in Cyberattack - 1

Close up on screen displaying ChatGPT homepage

North Korean Hackers Used ChatGPT To Forge Deepfake Military ID in Cyberattack

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

In a rush? Here are the quick facts:

  • The phishing email carried malware designed to steal victims’ data.
  • Group behind attack is suspected North Korean unit “Kimsuky.”
  • Targets included journalists, researchers, and human rights activists in South Korea.

Attackers developed a fake ID card to boost their credibility during their phishing operation, as reported by Bloomberg . Instead of including a real image, the phishing email contained a link that triggered a malware download, designed to steal data from victims’ devices.

The hackers are believed to be part of Kimsuky , a group long suspected of working for Pyongyang. The US Department of Homeland Security said in 2020 that Kimsuky “is most likely tasked by the North Korean regime with a global intelligence-gathering mission,” as reported by Bloomberg.

Phishing targets in this latest attack included South Korean journalists, researchers, and human rights activists focusing on North Korea. Bloomberg explains that the phishing emails even used an address ending in “.mil.kr” to mimic the South Korean military. It remains unclear how many people were affected.

Attackers can leverage emerging AI during the hacking process, including attack scenario planning, malware development, building their tools and to impersonate job recruiters,” said Mun Chong-hyun, director at Genians, the South Korean cybersecurity firm who first discovered the attack.

Bloomberg reports how Genians researchers discovered that ChatGPT initially refused to create an ID when asked, since reproducing government IDs is illegal in South Korea. But altering the prompt allowed them to bypass the restriction.

This isn’t the first case of North Korean hackers exploiting AI. For example, Anthropic reported in August that hackers used its Claude Code tool to get remote jobs at US Fortune 500 companies.

US officials warn North Korea continues to rely on cyberattacks, cryptocurrency theft, and IT contractors to both gather intelligence and fund its nuclear program.

Vietnam’s National Credit Database Hit By Cyberattack - 2

Photo by Matt Brown on Unsplash

Vietnam’s National Credit Database Hit By Cyberattack

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

Vietnam’s cybersecurity agency announced on Thursday that hackers had attacked the Vietnam National Credit Information Center (CIC) and stolen a large database containing sensitive information on creditors.

In a rush? Here are the quick facts:

  • Vietnam’s cybersecurity agency announced that hackers attacked the Vietnam National Credit Information Center.
  • Malicious actors got access to sensitive data, including credit card and general personal information.
  • Authorities suspect the hacker group Shiny Hunters is behind the attack.

According to Reuters , the attackers gained access to credit card details, payment records, risk analyses, and general personal data. Authorities have warned residents to remain vigilant and are investigating the breach.

“Initial investigation indicated signs of unauthorised access aimed at stealing personal data, with the extent of the breach still being assessed,” said the cybersecurity agency on Thursday.

Reuters also reported that the CIC, in a letter sent to financial institutions, confirmed it was investigating the incident and suspected the hacker group Shiny Hunters—a criminal organization known for targeting international companies such as Microsoft, Google, and Qantas—was behind the attack.

A few days ago, Google confirmed that Shiny Hunters was responsible for a separate cyberattack on its Salesforce systems.

The CIC added that the attack did not affect its services. “The incident has not disrupted operations or caused any damage, and the credit information service system remains fully functional,” stated the letter.

Vietnamese authorities have not disclosed details about the scale of the breach, including the number of victims or accounts affected. In a note to investors on Friday, JPMorgan warned that the incident could pose a risk to deposit flows and would likely increase cybersecurity costs for banks.

The Vietnamese government also released an announcement on its website, confirming the breach and assuring the public that authorities were working to contain the damage.

“The parties have synchronously deployed technical and professional measures to respond, verify, and ensure network security,” states the announcement, according to a Google translation. “People are also advised to be vigilant and avoid the risk of having their personal information exploited to spread malware, commit fraud, and misappropriate property.”