North Korea uses OpenAI tools for cyber offense tasks

By Hongeun Im, The Readable
Feb. 16, 2024 8:46PM GMT+9

On Wednesday, Microsoft and OpenAI, companies partnered in the field of artificial intelligence (AI) technologies, disclosed that Kimsuky, a hacking group based in North Korea, has utilized OpenAI’s large language models (LLMs) to aid in their hacking activities.

The group leveraged OpenAI’s technologies to generate content for spear phishing campaigns, which aim to target specific individuals or organizations to extract confidential information. Specifically, they composed emails that impersonated officials from well-known educational institutions and non-governmental organizations (NGOs), soliciting opinions on international policies concerning North Korea.

According to research conducted by the two companies, there have been no confirmed instances where AI technology was directly utilized in hacking incidents. Instead, Kimsuky employed the technology for identifying pre-existing vulnerabilities, obtaining help in repairing web technologies, and scripting simple tasks, such as detecting user activities on a system.

Hacking groups from China, Russia, and Iran were also identified as malevolent entities utilizing OpenAI’s large language models (LLMs) to support their cyber offensive operations. These groups commonly used the technology for activities such as reconnaissance, coding assistance, and leveraging native languages in their operations. Microsoft further stated that it has disabled all accounts associated with these four hacking groups.

The measures taken by Microsoft and OpenAI align with the White House’s executive order issued last October, which mandates the development of “standards, tools, and tests to ensure that AI systems are safe, secure, and trustworthy.” This directive emphasizes the need for companies to ensure that AI technologies do not pose a threat to cybersecurity.

The cover image of this article was designed by Areum Hwang. This article was edited by Dain Oh and copyedited by Arthur Gregory Willers.

Hongeun Im is a reporting intern for The Readable. Motivated by her aspirations in cybersecurity and aided by the language skills she honed while living in the United Kingdom, Im aims to write about security issues affecting the Korean Peninsula and lead more people to become interested in cybersecurity. She attends Gwangju Institute of Science and Technology, majoring in Electrical Engineering and Computer Science. Her interest in computer science led her to participate in the World Friends Korea volunteer program, where she taught Python at the Digital Government Center in Laos and at Al-Balqa Applied University in Jordan.