Deepfakes, spear phishing, and fake job seekers mobilized… Security response still stuck in the past
North Korea’s cyberattacks are evolving, with artificial intelligence (AI) becoming a powerful weapon that reaches deep into people’s daily lives. Cases have emerged of smartphones being remotely disabled and of surveillance through webcams and location-based services, exposing serious gaps in South Korea’s cybersecurity systems.
From Data Theft to Destruction: The Shift in North Korean Cyberattacks
According to the cybersecurity industry, North Korea’s cyber operations have shifted in recent years from simple information theft to destructive attacks that disrupt daily infrastructure.
In 2023, North Korean hacking group APT37 targeted North Korea-related businessmen and defectors, attempting to steal audio files from their computers while simultaneously distributing destructive malware designed to damage systems.
This was not just a simple hack—it was a deliberate attempt to paralyze the victims’ social and digital activities, creating secondary harm.
No More ‘Safe Zones’: macOS and Government Networks Targeted
In June 2023, a North Korean cyberattack targeting macOS—previously considered relatively secure—was confirmed in South Korea for the first time.
U.S. cybersecurity media outlet Phrack revealed that North Korean hacking group Kimsuky had obtained public officials’ GPKI (Government Public Key Infrastructure) certificates and passwords, allowing them to move freely within administrative networks.
The attack reportedly expanded beyond public institutions to include academia, media, and organizations involved in North Korea-related issues.
AI as the Hackers’ New Ally: Fake Job Applicants and Deepfakes
AI has given North Korean hackers a new set of tools.
According to an August report by Anthropic, North Korean hackers have used AI to create fake online identities and pose as job applicants in overseas IT companies.
With AI assistance, individuals lacking English proficiency or technical skills could convincingly pass interviews and perform tasks—part of a coordinated scheme to evade international sanctions and earn foreign currency.
Smartphone Shutdowns and Location Tracking: Evidence of AI Surveillance
In July, South Korean cybersecurity firm Genians Security Center revealed that North Korea’s Kimsuky group used AI-generated deepfake images in spear phishing attacks targeting military-related organizations. (Spear phishing refers to highly targeted cyberattacks against specific individuals or groups.)
In another case, victims’ smartphones were remotely reset to a “dead” state, after which the infected devices spread malicious files to contacts via KakaoTalk.
The timing of these attacks often coincided with when victims were away from home or work. It is suspected that the hackers used data from Google location services and webcam feeds to track victims’ movements.
“Attack Happens in Real Time—Defense Takes a Month”
Kang Byung-tak, CEO of AI Spera, commented,
“In the past, even if a vulnerability was discovered, it took time before an actual attack occurred. But with AI, attacks can happen instantly. The problem is, our defense systems are still lagging—hackers strike today, and defenders respond next month.”
Experts warn that without a fundamental change in security culture, South Korea will remain vulnerable to North Korea’s AI-powered cyber threats.
They emphasize that South Korea must urgently adopt AI-based cybersecurity systems, similar to how major countries like the U.S. have implemented EDR (Endpoint Detection and Response) solutions across industries.
By Choi Song-a | choesonga627@gmail.com