North Korea Automates Novel Vulnerability Attacks Using AI

North Korean hacking groups are automating attacks on zero-day vulnerabilities by utilizing artificial intelligence (AI) as a core weapon, moving beyond its role as a simple auxiliary tool. AI is being employed to automatically identify vulnerabilities in computer programs and test attack code designed to exploit them. This development indicates that AI is being used in attacks targeting 'zero-day' vulnerabilities, which are flaws that security vendors have not yet patched. The automation through AI significantly shortens the time required for vulnerability analysis and verification, a process that previously took months, allowing for faster and more widespread exploitation of these unpatched weaknesses.

Evidence also suggests that large language models (LLMs) were involved in code generation for the backdoor 'HellDoor,' used by the North Korean hacking group 'Kimsuky.' Attackers are reportedly using AI to create fake identities, discover security vulnerabilities, and automatically generate malware.

State-sponsored hacking groups are showing significant interest in AI technology, with organizations linked to China and North Korea notably adopting and integrating the latest AI advancements into their cyberattack strategies.