
Genians, South Korea’s No. 1 Endpoint Detection and Response (EDR) solution provider, today announced new findings exposing how a North Korean state-sponsored hacking group exploited OpenAI’s ChatGPT to generate a deepfake military ID in a phishing campaign against South Korean targets.
Phishing Campaign with Deepfake Military ID
The investigation led by the Genians Security Center, and detailed in the company’s Threat Intelligence Blog, revealed that attackers linked to the Kimsuky espionage unit used AI tools to forge a realistic military identification card. This allowed them to disguise phishing emails sent from a spoofed domain impersonating a defense institution. Malicious attachments contained PowerShell shortcuts that deployed backdoors and extracted data, while the AI-generated ID image provided a cover to deceive victims.
North Korea’s Growing Use of AI in Cyber Operations
This case highlights a broader trend. North Korea has escalated its use of AI in cyber operations, ranging from deepfakes to fraudulent resumes. Recent Axios reports found that North Korean IT workers used ChatGPT to secure remote jobs at US Fortune 500 companies, generating illicit revenue and intelligence for North Korea. Combined with cryptocurrency theft and cyber espionage, these tactics help the regime bypass sanctions and finance its weapons programs.
Findings from the Genians Security Center
“Over the past 20 years, Genians has supported South Korean government agencies in confronting advanced threats. This unique experience, combined with our technology, enables us not only to detect new vectors of AI-driven attacks but also to respond more effectively to similar security challenges in the global market,” said Chonghyun Mun, Director of Genians Security Center.
Genians’ research analyzed a forged government ID draft image used in the phishing campaign. Deepfake detection tools assessed with 98 percent probability that the image was AI-generated, validating the use of generative AI in this attack. Although OpenAI has implemented safeguards to block ID creation, the attackers bypassed those restrictions through prompt manipulation, also known as a jailbreak.
Why Genians EDR Matters in AI-Enabled Intrusions
By exposing how state actors misuse AI to automate phishing, build attack tools, and impersonate identities, Genians highlights the urgent need for stronger defenses. Genians EDR played a central role in analyzing and attributing this campaign, reinforcing the solution’s importance in protecting organizations against AI-enabled intrusions.
Genians as a Comprehensive Cybersecurity Platform Vendor
As a comprehensive cybersecurity platform vendor, Genians delivers integrated solutions that span EDR and Universal Zero Trust Network Access (ZTNA), which inherently incorporates Network Access Control (NAC), along with orchestration capabilities. This platform approach ensures unified visibility and control, verifying device and user compliance before access is granted, while maintaining the highest security and regulatory standards across diverse environments.
Genians (KOSDAQ: 263860) is a leading provider of NAC-driven ZTNA solutions that deliver a fundamental cybersecurity platform. By leveraging Device Platform Intelligence (DPI), Network Access Control (NAC), Zero Trust Network Access (ZTNA), and Endpoint Detection and Response (EDR), Genians empowers organizations to establish a trusted path for secure access across all connected devices. Since its inception in 2005, Genians has served over 5,000 customers spanning diverse industries and organizational sizes, including Fortune 500 enterprises, government agencies, military installations, critical infrastructure, finance, healthcare, education, and more. Committed to fostering a stronger security culture globally, Genians collaborates with industry leaders and communities worldwide.