AI-Forged Military IDs Used in North Korean Phishing Attack

A North Korean threat actor has leveraged AI to create fake South Korean military agency ID card images used in a spear-phishing campaign, according to cybersecurity firm Genians.

However, prompt injection can be used to overcome this refusal. For example, the researchers said the large language model (LLM) may respond to requests framed as creating a mock-up or sample design for legitimate purposes rather than reproducing an actual military ID.

A separate file, ‘LhUdPC3G.bat,’ installed along with the image, was executed and initiated malicious activity once downloaded. Both attack campaigns deployed the same malware which is designed to enable malicious activities such as internal data theft and remote control.

To read the complete article see: Infosecurity Magazine