North Korea's AI Hacking Trends: Transforming into a Large-Scale Force - San Jose - 1

The Era of Elite Hackers Transforming into Large-Scale Forces: The Reality of North Korean AI Hacking

These days, we often hear how convenient AI is in our daily lives. However, the group that is repurposing this convenient technology into a deadly weapon is none other than North Korean hacking organizations.

Until now, the phrase 'North Korean hackers' might have brought to mind an 'elite hacker unit sitting in front of computers day and night to earn foreign currency.' They have now entered a stage of 'cyber attack automation' that handles everything from producing fake IDs to finding security vulnerabilities and automatically generating malware.

This means that a small elite group of North Korean hackers, equipped with AI as a booster, wields destructive power comparable to that of thousands of hackers.

"AI Wrote the Code?" Caught Malware

Recently, the global cybersecurity company Kaspersky released a very interesting and frightening report. They analyzed a backdoor malware called 'HelloDoor' used by the infamous North Korean hacking group 'Kimsuky' and found some very peculiar traces.

Unlike the meticulously crafted malware by human hackers, this code contained random emoticons in comments and unstructured grammatical errors.

Why is this a sign of AI? It was a typical glitch that occurs when coding is done by large language models (LLMs) like ChatGPT.

Instead of spending all night coding malware line by line, North Korean hackers were caught red-handed generating it automatically by feeding prompts (commands) to AI.

Acceleration of Zero-Day Attacks: Prompt Bomb Terror

According to another analysis by the Google Threat Intelligence Group (GTIG), the situation is even more serious.

Another North Korea-affiliated hacking group, 'APT45,' is aggressively using AI to find software vulnerabilities.

To find hidden vulnerabilities in software and verify if they can be exploited in real attacks, human hackers typically need to spend months analyzing. However, North Korean hackers have automated this process by repeatedly inputting commands (prompts) into AI on a large scale.

This has drastically reduced the preparation time for 'zero-day attacks,' which strike when security firms are unaware and have not yet created patches (updates). Before the security industry can build a shield, AI is rapidly producing weapons.

AI Perfectly Cures North Korean Hackers' Achilles' Heel

In fact, North Korean hackers have had two critical weaknesses until now.

One was their relatively lower coding skills compared to Western countries, and the other was the language barrier that caused them to be caught due to awkward Western or South Korean vocabulary usage.

However, AI has cured this Achilles' heel. If their coding skills are lacking, they can simply ask AI to write it for them, and awkward translations are transformed into perfect and natural phishing messages (emails, texts) through AI.

From Personal Targeting to 'Supply Chain Attacks': A Scale Beyond Limits

As attacks become more sophisticated, the targets have also grown terrifyingly larger. Previously, they targeted specific officials or experts at the spear-phishing level, but now they have escalated to 'supply chain attacks' that infect large-scale systems themselves.

In fact, other malware used by Kimsuky has been found to be capable of stealing storage information for the government-issued digital certificates (GPKI) used by our government officials. If a certificate is stolen, the internal administrative network of South Korea could open up like a high-speed pass.

Recently, suspected North Korean hackers attempted to infiltrate 'Axios,' an open-source library downloaded over 100 million times weekly by developers worldwide. In this process, traces of access to key product certificates and workflows of OpenAI were discovered. Fortunately, the worst-case scenario of complete data leakage was avoided, but what if these certificates had been fully stolen? It would have been a shocking incident in which AI services like ChatGPT could have become conduits for spreading malware, affecting hundreds of millions of users worldwide.

The Bitter Side Effects of Technological Advancement

Ultimately, the technological blessing known as artificial intelligence has, for some, become a cyber factory that can produce weapons of mass destruction at no cost. As AI advances, the threshold for hacking lowers and its destructive power grows uncontrollably. This is the harsh reality we face.

Now, not only nations or large corporations but also individuals must abandon the complacent thought of "Surely, I won't get hacked?"

It is essential to avoid clicking on links from unknown sources and to make it a habit to always enable two-factor authentication (2FA/MFA) for your logins, even if it is bothersome.

In an era where we must fight against hackers armed with AI, our defenses to protect our wallets and information must be equally strengthened.