Researchers have raised new concerns after revealing that a North Korean hacking group has been using OpenAI’s ChatGPT to create fake military ID cards.
The group, known as Kimsuky, reportedly generated the IDs to make their phishing attacks look more convincing. These attacks are designed to trick people into opening infected files or clicking on harmful links that then steal sensitive information.
According to cybersecurity experts in South Korea, the hackers first ran into restrictions when trying to generate official IDs. ChatGPT initially refused to help, but the group eventually found ways to rework their requests until they produced realistic looking cards.
These fakes were then used to target journalists, activists, and researchers in South Korea, people who are often at the center of sensitive issues.
READ: How to Identify Phishing and Scam Links on Social Media
Kimsuky has been linked to espionage and disinformation efforts for years, and this new approach shows how AI can be exploited to add more weight to scams. By flashing what appears to be a genuine ID, the hackers make it easier to gain trust and persuade victims to share details or download files.
The misuse of AI does not stop there. Other reports have suggested that the group has used different AI systems to help them write resumes, draft cover letters, and even pass coding tests.
By pretending to be job applicants, they can slip into professional spaces that would otherwise be difficult to access. Once inside, they can gather data or spread malware.
To make their phishing emails seem even more credible, the hackers have also copied the look of real South Korean military email domains. For someone receiving such a message, the combination of a familiar looking address and a convincing ID could be enough to fall for the trick.
