North Korea's Evolving Cyber Threats Demand Urgent Review of National Security Systems

by HAN Joon ho | Posted: May 14, 2026, 10:54 | Updated: May 14, 2026, 10:54

North Korean hacking groups are evolving their threats. While past cyber attacks focused on information theft and cryptocurrency hacking, they are now utilizing AI to precisely target government certification systems and internal networks. This indicates a real threat to national security and administrative systems.

On May 14, global security firm Kaspersky disclosed the latest attack tactics of the North Korean hacking group Kimsuky. According to the report, the group is using AI to create malware that targets the GPKI storage directory, which is part of the South Korean government's official electronic certification system. There have been actual detections of attempts to steal government employee accounts and penetrate internal networks.

The more serious issue is the change in attack methods. North Korean hackers are now exploiting the remote tunnel feature of Visual Studio Code (VSCode) and remote management tools to disguise their activities as normal Microsoft server communications. This strategy aims to evade detection by existing security solutions. Rather than relying on simple phishing or email attacks, they are evolving to infiltrate legitimate work environments.

AI is fundamentally a technology for industrial innovation and productivity enhancement. However, it also significantly lowers the barriers for attackers. The Google Threat Intelligence Group (GTIG) recently warned that North Korean and Chinese-linked hacking groups are using AI to detect zero-day vulnerabilities and automate attacks. Notably, the North Korean group APT45 has been observed inputting thousands of prompts into AI models to automatically validate attack code and analyze vulnerabilities.

Tasks that once took skilled hackers considerable time can now be performed rapidly by AI. Malware generation, vulnerability analysis, phishing message creation, and internal network exploration can all increasingly be automated. This lowers the cost of attacks while increasing the likelihood of success. For state-sponsored North Korean hacking groups, this effectively represents a 'cyber weapons enhancement.'

The problem is that our response systems are not keeping pace with this rapid evolution. Many public institutions still rely on certificate-based access systems and closed network security. Critics point out that there are insufficient measures to prevent internal spread once a breach occurs. Particularly, local governments and public organizations often invest significantly less in security compared to central government agencies.

Even more concerning is the potential for AI-based attacks to disrupt national functions beyond mere information leaks. In a digital national structure where administrative, defense, energy, transportation, and financial infrastructures are interconnected, cyber attacks are no longer just 'online crimes.' They represent an extension of real warfare and security threats.

North Korea is already regarded as having one of the world's most advanced cyber capabilities. Despite international sanctions, it has continued to generate foreign currency through hacking operations and information warfare. The integration of AI into these efforts could significantly amplify the impact of their attacks. Recently, there have been reports of North Korean operatives combining deceptive employment tactics with generative AI to infiltrate the internal networks of foreign companies.

Now, government responses must fundamentally change. First, there needs to be an urgent review of the entire public sector certification system. A system that merely stores certificates will struggle to counter AI-based attacks. Second, the adoption of AI-based security systems must be expedited. If attackers are using AI while defenses remain human-centered, the chances of a successful defense are slim. Third, real-time sharing of cyber threat intelligence between the private sector and military and intelligence agencies must be strengthened.

Cybersecurity is no longer just an IT department issue; it is a matter of survival for the entire national operating system. The use of AI by North Korean hacking groups is not merely a technological change; it signifies a shift in the national security environment itself. Delays in addressing these threats could lead to far greater costs.

 

Photo by Getty Images




* This article has been translated by AI.