The Kimsuky APT group has launched a spear-phishing campaign that uses AI-generated deepfake military ID cards to target South Korean defense institutions. The lure impersonates a military employee ID issuance process, and the fake ID images were produced with ChatGPT. The malware uses obfuscated batch files and AutoIt scripts to evade detection, then connects to command-and-control servers to retrieve further payloads. The campaign shows how state-sponsored actors are adopting AI tooling for cyber espionage. Analysis reveals overlaps with previous Kimsuky operations against unification researchers and government agencies, underlining the persistence of the threat.

Author: AlienVault
Related Tags:
T1218.011 (System Binary Proxy Execution: Rundll32)
ai
T1053.005 (Scheduled Task/Job: Scheduled Task)
spear-phishing
south korea
chatgpt
Obfuscation
T1059.001 (Command and Scripting Interpreter: PowerShell)
T1059.003 (Command and Scripting Interpreter: Windows Command Shell)
Associated Indicators:
MD5 file hashes:
09DABE5AB566E50AB4526504345AF297
227973069E288943021E4C8010A94B3C
EACF377577CFEBE882D215BE9515FD11
143D845B6BAE947998C3C8D3EB62C3AF
90026C2DBDB294B13FD03DA2BE011DD1
Domains:
zabel-partners.com
seytroux.fr
guideline.or.kr
versonnex74.fr
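As an added example (not part of the OTX pulse or of any Kimsuky analysis), the script below turns the pulse's indicator list into a local check: it separates the MD5 hashes from the domains, hashes files on disk, and matches DNS-style log lines against the domains. Subdomains of an indicator count as hits, but look-alike names that merely contain an indicator as a substring do not, which is the usual false-positive trap in naive string matching. The log lines are constructed for illustration, and the log field layout (query=host) is an assumption; adapt HOST_RE to your resolver or proxy format.

```python
"""Match the pulse's IOCs against local files and DNS/proxy logs.

Added example for this pulse, not code from the pulse itself. Hashes and
domains below are the pulse's indicators; the log lines are constructed.
"""
import hashlib
import re

# Indicators copied from the pulse (mixed MD5 hashes and domains).
PULSE_INDICATORS = [
    "09DABE5AB566E50AB4526504345AF297",
    "227973069E288943021E4C8010A94B3C",
    "EACF377577CFEBE882D215BE9515FD11",
    "143D845B6BAE947998C3C8D3EB62C3AF",
    "90026C2DBDB294B13FD03DA2BE011DD1",
    "zabel-partners.com",
    "seytroux.fr",
    "guideline.or.kr",
    "versonnex74.fr",
]

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
# Assumed log format: "... query=<hostname> ..." (or "host: <hostname>").
HOST_RE = re.compile(r"(?:query|host)[=:]\s*([A-Za-z0-9.-]+)")


def classify_indicators(indicators):
    """Split a mixed IOC list into a set of lowercase MD5s and a set of domains."""
    md5s, domains = set(), set()
    for ioc in indicators:
        ioc = ioc.strip()
        if MD5_RE.match(ioc):
            md5s.add(ioc.lower())
        elif ioc:
            domains.add(ioc.lower().rstrip("."))
    return md5s, domains


def md5_hex(data: bytes) -> str:
    """MD5 of an in-memory byte string, lowercase hex (matches the pulse's format)."""
    return hashlib.md5(data).hexdigest()


def md5_of_file(path, chunk_size=1 << 20) -> str:
    """Stream a file through MD5 so large files do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_files(paths, md5s):
    """Return (path, digest) for every readable file whose MD5 is an indicator."""
    hits = []
    for p in paths:
        try:
            digest = md5_of_file(p)
        except OSError:
            continue  # unreadable or missing: skip rather than abort the sweep
        if digest in md5s:
            hits.append((str(p), digest))
    return hits


def domain_matches(host, domains) -> bool:
    """True if host is an indicator domain or a subdomain of one.

    Label-boundary matching: 'cdn.zabel-partners.com' matches, but
    'notguideline.or.kr' does not match 'guideline.or.kr'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_log(lines, domains):
    """Return (line_number, host) for each looked-up host that hits an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            if domain_matches(host, domains):
                hits.append((n, host))
    return hits


# Constructed sample DNS log, not taken from the pulse.
SAMPLE_LOG = [
    "2024-09-10T08:01:02Z client=10.0.5.21 query=www.update.microsoft.com type=A",
    "2024-09-10T08:01:09Z client=10.0.5.21 query=cdn.zabel-partners.com type=A",
    "2024-09-10T08:02:30Z client=10.0.5.44 query=guideline.or.kr type=A",
    "2024-09-10T08:03:11Z client=10.0.5.44 query=notguideline.or.kr type=A",
]

if __name__ == "__main__":
    md5s, domains = classify_indicators(PULSE_INDICATORS)
    for n, host in scan_log(SAMPLE_LOG, domains):
        print(f"line {n}: DNS lookup of indicator domain {host}")
    for path, digest in scan_files(["/nonexistent/sample.exe"], md5s):
        print(f"{path}: MD5 {digest} matches pulse indicator")
```

Point scan_files at the paths you actually want swept (a mail attachment quarantine, user download folders) and feed scan_log the exported resolver or proxy log; both functions return plain tuples so they drop straight into a SIEM enrichment step.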