North Korean Hacking Group Kimsuky Linked to AI-Powered Malware Development
North Korean hacking group Kimsuky is developing malware using artificial intelligence (AI) technology and targeting the government's certificate system. In a report released on the 14th, security firm Kaspersky analyzed Kimsuky's latest attack tactics. Kaspersky researchers tracked Kimsuky's activities over the past several months and, during this period, identified HelloDoor, a Rust-based backdoor. Comments in the HelloDoor code that contain emojis and grammatical errors suggest that the malware was developed using large language models (LLMs).
Kimsuky is exploiting Visual Studio Code's remote tunneling feature and remote management (RMM) tools. The group delivers malicious attachments via spearphishing emails.
Amid these activities, Kimsuky's AppleSeed malware has been confirmed to include functionality for collecting the directories that store government-issued public key certificates (GPKI). The potential leakage of these certificates raises concerns about the compromise of public officials' accounts and government systems.
