cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

North Korean hackers making increased use of AI tools

South Korean intelligence officials are keeping a close eye on the use of generative artificial intelligence (AI) by hackers to the north as crypto thefts rise.

user icon David Hollingworth
Mon, 29 Jan 2024
North Korean hackers making increased use of AI tools
expand image

An official with South Korea’s National Intelligence Service (NIS) has shed light on the hacking activities of rival North Korea.

Speaking anonymously to the Yonhap News Agency, the official said that while the NIS has not yet seen North Korean hackers using AI in their attacks, they are certainly making use of AI tools to scout out and discover possible targets.

“Recently, it has been confirmed that North Korean hackers use generative AI to search for hacking targets and search for technologies needed for hacking,” a senior official at the NIS said.


The NIS did, however, admit that it has observed North Korean threat actors using AI in its phishing attempts, often targeted at individuals. At the other end of the scale, North Korean hackers are targeting public-sector entities at a massive scale. Eighty per cent of all hacking attempts against the sector came from North Korea and were largely aimed at acquiring intellectual property.

“Fluctuating dynamics around the Korean Peninsula, such as intensified Korea-US-Japan cooperation and increased North Korea-Russia exchanges, are leading to more hacking attempts on our diplomatic, security, and advanced K-technology sectors by North Korea and China,” the NIS said in a separate report on the security outlook for 2204.

Shipyards and defence data have been seen as particularly popular targets.

The AI revelations come as North Korean hackers are increasingly turning to cryptocurrency theft to fund both their activities and the wider North Korean economy.

According to blockchain technology firm Chainalysis, North Korean hackers stole just shy of US$1 billion in cryptocurrency in 2023. That is a lower figure than the year before – which was about US$1.7 billion – but spread across more discrete instances of theft. In 2023 alone, North Korean hackers were involved in 20 crypto-hacking incidents.

The year before saw 15 such attacks.

Nearly half of 2023’s stolen funds came from DeFi platforms, with centralised services, crypto exchanges, and wallet providers making up the balance.

Erin Plante, vice president of investigation at Chainalysis, expects to see North Korean cyber activity increase in scope and sophistication in the next 12 months, but that things may still turn around.

“For instance, we saw 2022 as the most successful year ever for North Korea hacking groups based on the value of funds stolen, however, in 2023, there were a larger number of attacks,” Plante said in a statement.

“The faster the speed in which crypto platforms react to an exploit, the better-equipped law enforcement agencies will be to contact exchanges where frozen funds are located to initiate seizure and contact services through which the funds flowed to gather relevant information about accounts and users. We anticipate that through stronger processes, global collaboration, and public-private partnerships over time, crypto hacks will continue to decline.”

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.