False Curriculum Vitae identity cards, North Korean and Chinese pirates have used AI tools to overcome espionage and slip into businesses and other targets.
In the last case, a North Korean hacking group known as Kimusky used Chatgpt to generate a false project of a South Korean military identity document. False identity documents were joined to phishing emails that have usually used a South Korean defense institution responsible for delivering skills titles to civil servants affiliated to soldiers, the South Korean Cybersecurity Society said on Monday in a blog article published on Monday.
Kimsuky was linked to a series of spy campaigns against individuals and organizations in South Korea, Japan and the United States. In 2020, the American Department of Internal Security said that the group was “most likely charged by the North Korean regime with a global intelligence collection mission”.
Chatgpt blocks attempts to generate official government identifiers. But the model could be condemned to produce convincing models if the prompt was formulated as a “sample design for legitimate purposes rather than reproducing a real military identity document”, said geniuses.
This is not the first time that North Korean hackers have used AI to infiltrate foreign entities. Anthropic said in a report last month that the North Korean hackers used its Claude tool to secure and maintain a fraudulent distance job in American Fortune 500 technological companies. The pirates used Claude to shoot curriculum vitae and convincing portfolios, pass coding tests and even make real technical assignments once at work.
US officials said last year that North Korea placed people in distant positions in American companies using false or stolen identities as part of a mass extortion program.
China pirates do it too
Anthropic said in the same report as a Chinese actor had spent more than nine months to use Claude as a complete cyber attack assistant to target the main Vietnamese telecommunications suppliers, agricultural systems and government databases.
The pirate used Claude as “technical advisor, code developer, security analyst and operational consultant throughout their campaign,” said Anthropic.
Anthropic said that he had implemented new ways to detect improper use of his tools.
Chinese pirates also turned to Chatgpt to get help with their cyber campaigns, according to an Openai report published in June. The pirates asked the chatbot to generate code for “bruteforce password” – scripts that become thousands of user and password combinations until you work. They used Chatgpt to dig up information on American defense networks, satellite systems and government identification verification cards.
The OPENAI report reported an influence operation based in China which used Chatgpt to generate publications on social networks designed to stir up the division in American policy, including false profile images to make the accounts look like real people.
“Each operation we disturb gives us a better understanding of how threat actors try to mistreat our models and allows us to refine our defenses,” said Openai in the June report.
It’s not just Claude and Chatgpt. North Korean and Chinese pirates have experienced Google Gemini to extend their operations. The Chinese groups used the chatbot to help the code and obtain “deeper access to the target networks”, while the North Korean actors used gemini to write false cover letters and identify job offers, Google said in a January report.
Google said Gemini’s guarantees have prevented pirates from using it for more sophisticated attacks, such as access to information to handle Google’s own products.
OPENAI, Anthropic and Google did not respond to a request for comments from Business Insider. Companies have said they had published their pirate results to help others improve security.
AI facilitates hacking
Cybersecurity experts have long warned that AI has the ability to facilitate hacking and disinformation operations.
Pirates used AI models to infiltrate companies, Yuval Fernbach, the director of automatic learning technology of the JFROG software supplies, told Business Insider in a report published in April.
“We see a lot, a lot of attacks,” said Fernbach, adding that the malicious code is easily hidden inside models of large open source. Pirates have generally closed things, stealing information or changing the release of a website or a tool.
Online companies have also been struck by Deepfakes and Scams. Rob Duncan, vice-president of the Cybersecurity Society Netcraft strategy, told Business Insider in a June report that he was not surprised by the development of personalized phishing attacks against small businesses.
Genai tools now allow a new lonely wolf with little technical know-how to clone the image of a brand and write flawless and convincing scam messages in a few minutes, said Duncan. With cheap tools, “attackers can more easily endeavor employees, deceive customers or pretend to be partners on several channels,” he added.
