North Korea Escalates Global Supply Chain Threat by Exploiting AI

Warnings have been issued that North Korea is expanding its cyberattack targets by leveraging Artificial Intelligence (AI) technology to infiltrate software supply chains, open-source projects, video conferencing systems, and app signing mechanisms. The U.S. government has characterized this as a 'global problem' affecting companies and law enforcement agencies worldwide and has announced a policy of active response. The U.S. Federal Bureau of Investigation (FBI) explained that North Korea's exploitation of AI is extending beyond mere fraudulent employment to encompass broad online deception and espionage activities.

According to the FBI, North Korean actors are increasingly sophisticated in using AI to generate convincing spear-phishing emails, fake documents, and deepfake identities. This makes social engineering tactics that exploit human trust, as well as espionage activities, more effective and harder to detect. Foreign intelligence agencies have warned that they are using AI and their networks to create professional online content and are increasing risks by impersonating legitimate organizations such as think tanks or consulting firms. North Korea's exploitation of AI serves as a means to intricately disguise identities, documents, messages, and human networks that people and organizations accept without suspicion.

North Korea's threat has expanded beyond penetrating corporate internal networks to targeting the very software, platforms, video conferencing tools, and development tools that companies rely on. North Korea poses a unique threat by combining state-sponsored espionage with large-scale financial theft to circumvent global sanctions.

Recently, OpenAI announced that a workflow used in its macOS app signing process was running a malicious version and that it had gained access to signing-related credential materials. While deeming the actual risk of certificate compromise low, the company replaced the certificates as a precautionary measure. This incident demonstrates that even the app signing systems of core AI companies can fall within the scope of supply chain attacks.