North Korean Hackers Employ ChatGPT in Sophisticated LinkedIn Scams
In an alarming development, North Korean hackers have been harnessing the power of ChatGPT, the advanced language model developed by OpenAI, to orchestrate complex scams on LinkedIn and other social platforms. By posing as reputable entities, these cybercriminals aim to extract sensitive information and data from unsuspecting users.
A recent disclosure by OpenAI and its investor, Microsoft, has shed light on the extent of this menace. These tech giants have collectively thwarted the activities of “state-affiliated actors” leveraging AI services for nefarious purposes. Microsoft’s Threat Intelligence was instrumental in identifying and neutralizing accounts tied to threat actors from China, Iran, North Korea, and Russia, all of which were attempting to misuse AI technologies in cyber espionage and cyberattacks.
Among these entities, the North Korea-affiliated hacker group known as Emerald Sleet, also recognized under the alias Kimsuky, stood out for its deceptive approach. According to Microsoft, which also owns the professional networking platform LinkedIn, these hackers devised a cunning strategy. They impersonated reputable academic institutions and NGOs, aiming to entice victims into sharing their expert knowledge and perspectives on matters relating to North Korea’s foreign policies.
Though these efforts did not escalate to significant cyberattacks, they epitomize the early stages of adversaries exploring and adapting to new technologies for malicious ends. OpenAI’s investigation revealed that Emerald Sleet exploited its services to pinpoint defense experts and organizations centered on Asia-Pacific issues. The hackers sought to uncover openly available vulnerabilities, assist with basic scripting tasks, and craft content poised for phishing attacks.
South Korea’s National Intelligence Service (NIS) corroborated these findings. They detected unmistakable evidence of North Korean entities employing generative AI to streamline their hacking operations. A senior NIS official disclosed the identification of about 1.62 million hacking attempts daily on South Korea’s public sector platforms last year, marking a 36% increase from the previous year. Furthermore, North Korea is suspected of enlisting its IT workforce stationed abroad in IT companies. The objective appears to be the insertion of malicious codes into software, facilitating cryptocurrency theft.
Erin Plante, Vice-President of Investigations at the cybersecurity firm Chainalysis, underscored the sophistication of these cyber schemes. Plante highlighted how North Korean hacking collectives utilize convincingly crafted recruiter profiles on LinkedIn and other professional sites. “Generative AI aids in conversing, messaging, creating images and identities – essential elements for establishing a rapport with targets,” she elucidated.
Despite these alarming uses, OpenAI reassures that the potential of GPT-4 to aid “malicious cybersecurity tasks” remains within the bounds of what is achievable through publicly available tools that do not employ AI. This statement aims to mitigate concerns about the unprecedented misuse of AI technologies but also calls for vigilant monitoring of such tools’ evolution and application.
Last year’s incident involving North Korea-backed hackers, who targeted cryptocurrency clients by compromising the systems of the U.S. enterprise software company JumpCloud, further exemplifies the burgeoning threat of AI-assisted cybercrime.
As the digital landscape evolves, so do the tactics of cybercriminals. The use of sophisticated AI tools like ChatGPT by entities such as North Korean hackers to scam LinkedIn users serves as a stark reminder of the relentless innovation at the dark fringes of technology. Vigilance and continuous adaptation of cybersecurity measures remain our best defense against these emerging threats.
