North Korean hackers are reportedly using ChatGPT to trick users on LinkedIn and other social media platforms into providing sensitive information and data, according to a report.
ChatGPT parent company OpenAI and investor Microsoft revealed last week that they had “disrupted five state-affiliated actors that sought to use AI services in support of malicious cyber activities.”
Using Microsoft Threat Intelligence, accounts associated with two China-affiliated threat actors known as Charcoal Typhoon and Salmon Typhoon, the Iran-affiliated threat actor known as Crimson Sandstorm, the North Korea-affiliated actor known as Emerald Sleet, and the Russia-affiliated actor known as Forest Blizzard were identified and terminated.
Microsoft, which owns LinkedIn, noted that Emerald Sleet, also known as Kimsuky, impersonated “reputable academic institutions and NGOs to lure victims into replying with expert insights and commentary about foreign policies related to North Korea.”
It said in its blog post that it had not found evidence of these actors having carried out any significant cyberattacks but that many of its findings were “representative of an adversary exploring the use cases of a new technology.”
OpenAI reported that North Korea’s Emerald Sleet account used its services “to identify experts and organizations focused on defense issues in the Asia-Pacific region, understand publicly available vulnerabilities, help with basic scripting tasks, and draft content that could be used in phishing campaigns.”
How North Korean hackers are targeting LinkedIn
According to Yonhap, South Korea’s state intelligence agency detected signs that North Korea tried incorporating generative AI into its hacking attacks and other illicit cyber activities.
“Recently, it has been confirmed that North Korean hackers use generative AI to search for hacking targets and search for technologies needed for hacking,” a senior official at the National Intelligence Service (NIS) told reporters. The NIS said it found a daily average of 1.62 million hacking attempts in South Korea’s public sector last year, up 36% from a year ago.
The NIS added that North Korea is also suspected of having its overseas IT workers find jobs at IT companies and plant malicious code in the software they developed at those companies in order to steal cryptocurrencies.
Erin Plante, vice-president of investigations at crypto-focused cyber security company Chainalysis, told the Financial Times that “North Korean hacking groups have been seen to create credible-looking recruiter profiles on professional networking sites such as LinkedIn.”
“Generative AI helps with chatting, sending messages, creating images and new identities — all the things you need to build that close relationship with your target,” she added.
OpenAI stated that its findings align with external evaluations, indicating that GPT-4’s capabilities in aiding “malicious cybersecurity tasks” are limited to what can already be accomplished using publicly accessible tools that do not utilize AI.
Last year, it was reported that North Korea-backed hackers targeted cryptocurrency clients by infiltrating the systems of U.S. enterprise software company JumpCloud.