A North Korea-linked hacking group is leveraging artificial intelligence (AI) technology to develop malicious software targeting the South Korean government's electronic authentication system, a Russian cybersecurity firm said Thursday.
Kaspersky said in its latest report that its researchers had discovered that "HelloDoor," a backdoor malware program first identified last August, was linked to the North Korean hacking group Kimsuky.
"We found comments in the code that appear to have been generated by a large language model (LLM) service rather than a human developer. This is based on traces that include emojis used for logging debugging messages," the report said.
Since last year, Kimsuky has been using a feature called "Visual Studio Code Remote Tunneling" instead of deploying malware directly to establish covert remote access to victims' devices, according to the report.
The report noted that these advancements pose greater threats, particularly to South Korean government institutions, which have been the primary targets of the hacking group.
In particular, Kimsuky's "AppleSeed" malware is mainly used to extract key data from the South Korean government's authentication system used on government servers.
The report warned that if authentication data is compromised, hackers could gain unauthorized access to internal government systems through hijacked accounts, posing a broader security threat to the nation's infrastructure.
Source: Korea Times News