Incident 1208: North Korea's Kimsuky Group Reportedly Uses AI-Generated Military ID Deepfakes in Phishing Campaign

Description: Genians reported a phishing campaign by North Korea's Kimsuky group using purportedly AI-generated deepfake military ID cards. Emails reportedly impersonating South Korean defense institutions carried ZIP files with forged IDs whose photos were reportedly created using generative AI. When opened, hidden malware reportedly executed, downloading scripts disguised as Hancom Office updates. This reportedly marked an evolution in Kimsuky's tactics, using AI decoys to boost social engineering.

Editor Notes: Timeline notes: 07/17/2025 is when Genians reportedly "detected a spear-phishing attack attributed to the Kimsuky group. This was classified as an APT attack impersonating a South Korean defense-related institution, disguised as if it were handling ID issuance tasks for military-affiliated officials. The threat actor used ChatGPT, a generative AI, to produce sample ID card images, which were then leveraged in the attack. This is a real case demonstrating the Kimsuky group's application of deepfake technology." The full report contains further details with date-stamped files ranging between 2018 to 2025. The report was published online on 09/14/2025, with press reports being published the following day. Read the full Genians report in English here: https://www.genians.co.kr/en/blog/threat_intelligence/deepfake. Read the report in Korean here: https://www.genians.co.kr/blog/threat_intelligence/deepfake?hs_preview=uBKeAJml-237330098891&hsCtaAttrib=238054141679.

Tools

New Report New Response DiscoverView History

Entities

View all entities

Alleged: OpenAI developed an AI system deployed by Velvet Chollima , THALLIUM , Reconnaissance General Bureau , Kimsuky Group , Group 0094 , Emerald Sleet , Black Banshee , APT43 and Government of North Korea, which harmed Truth , South Korean defense personnel , National security and intelligence stakeholders , Government of South Korea , General public of South Korea and Epistemic integrity.

Alleged implicated AI systems: Hancom Office and ChatGPT

Incident Stats

Incident ID

1208

Report Count

Incident Date

2025-07-17

Editors

Daniel Atherton

Applied Taxonomies

MIT

MIT Taxonomy Classifications

Machine-Classified

Taxonomy Details

Risk Subdomain

4.3. Fraud, scams, and targeted manipulation

Risk Domain

Malicious Actors & Misuse

Entity

Human

Timing

Post-deployment

Intent

Intentional

Incident Reports

Reports Timeline

AI-Driven Deepfake Military ID Fraud Campaign by Kimsuky APT

genians.co.kr

AI Deepfake-based Military ID Forgery Kim Sooki APT Campaign

genians.co.kr

AI Deepfake-Based Forgery of South Korean Military Official ID Cards: Kimsuky Group's APT Campaign

genians.co.kr

North Korea’s Kimsuky Group Uses AI-Generated Military IDs in New Attack

hackread.com

AI-Forged Military IDs Used in North Korean Phishing Attack

infosecurity-magazine.com

Hackers use ChatGPT for fake ID attack

dig.watch

genians.co.kr · 2025

◈ Key Findings

Emergence of APT attacks by the Kimsuky group using generative AI "ChatGPT"
Exploiting deepfake images of South Korean military agency ID cards to access ID issuance tasks
Attempts to evade anti-virus defenses through batch …

genians.co.kr · 2025

AI Translated

◈ Key Findings

Emergence of an APT attack by the Kimsuky Group utilizing the generative AI 'ChatGPT'
Accessing ID issuance services by forging photos of South Korean military officials' IDs using deepfake technology
Attempting to eva…

genians.co.kr · 2025

AI Translated

◈ Key Findings

An APT attack by the Kimsuky group using the generation AI "ChatGPT" has emerged.
They forged photos of South Korean military civil servant ID cards using deepfakes and approached victims posing as ID card issuers.
They atte…

hackread.com · 2025

North Korea's Kimsuky hackers use AI-generated fake military IDs in a new phishing campaign, GSC warns, marking a shift from past ClickFix tactics.

Kimsuky, a notorious North Korean hacking group, is now using fake military ID cards created…

infosecurity-magazine.com · 2025

A North Korean threat actor has leveraged AI to create fake South Korean military agency ID card images used in a spear-phishing campaign, according to cybersecurity firm Genians.

The Kimsuky state-affiliated group was observed using ChatGP…

dig.watch · 2025

A hacking group has reportedly used ChatGPT to generate a fake military ID in a phishing attack targeting South Korea. The incident, uncovered by cybersecurity firm Genians, shows how AI can be misused to make malicious campaigns more convi…

Variants

A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.

Seen something similar?

Similar Incidents

Selected by our editors

North Korea-Linked Actors Allegedly Use AI Executive Deepfakes in Zoom Phishing Targeting Web3 Employee

Jun 2025 · 1 report

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Similar Incidents

Selected by our editors

North Korea-Linked Actors Allegedly Use AI Executive Deepfakes in Zoom Phishing Targeting Web3 Employee

Jun 2025 · 1 report

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Incident 1208: North Korea's Kimsuky Group Reportedly Uses AI-Generated Military ID Deepfakes in Phishing Campaign

Tools

Entities

Incident Stats

MIT Taxonomy Classifications

Incident Reports

Reports Timeline

AI-Driven Deepfake Military ID Fraud Campaign by Kimsuky APT

AI Deepfake-based Military ID Forgery Kim Sooki APT Campaign

AI Deepfake-Based Forgery of South Korean Military Official ID Cards: Kimsuky Group's APT Campaign

North Korea’s Kimsuky Group Uses AI-Generated Military IDs in New Attack

AI-Forged Military IDs Used in North Korean Phishing Attack

Hackers use ChatGPT for fake ID attack

AI-Driven Deepfake Military ID Fraud Campaign by Kimsuky APT

◈ Key Findings

AI Deepfake-based Military ID Forgery Kim Sooki APT Campaign

AI Deepfake-Based Forgery of South Korean Military Official ID Cards: Kimsuky Group's APT Campaign

◈ Key Findings

North Korea’s Kimsuky Group Uses AI-Generated Military IDs in New Attack

AI-Forged Military IDs Used in North Korean Phishing Attack

Hackers use ChatGPT for fake ID attack

Variants

Similar Incidents

Selected by our editors

North Korea-Linked Actors Allegedly Use AI Executive Deepfakes in Zoom Phishing Targeting Web3 Employee

By textual similarity

Hackers Break Apple Face ID

AI-Generated Profiles Used in Disinformation Campaign Targeting Ukrainians

Game AI System Produces Imbalanced Game

Similar Incidents

Selected by our editors

North Korea-Linked Actors Allegedly Use AI Executive Deepfakes in Zoom Phishing Targeting Web3 Employee

By textual similarity

Hackers Break Apple Face ID

AI-Generated Profiles Used in Disinformation Campaign Targeting Ukrainians

Game AI System Produces Imbalanced Game