Government of North Korea
Incidents involved as Deployer
Incident 111841 Report
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers
2021-01-01
North Korean operatives have reportedly used AI-generated identities to secure remote jobs or impersonate employers in order to infiltrate companies. These tactics allegedly support sanctions evasion through wage theft, credential exfiltration, and malware deployment. Workers reportedly use fake resumes, VPNs, and face-altering tools; some deploy malware like OtterCookie after embedding, while others lure targets via spoofed job interviews. AI systems are reportedly used to generate fake resumes, alter profile photos, and assist in real-time responses during video interviews.
MoreIncident 12013 Report
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales
2025-08-27
In August 2025, Anthropic published a threat intelligence report detailing multiple misuse cases of its Claude models. Documented abuses included a large-scale extortion campaign using Claude Code against at least 17 organizations, fraudulent remote employment schemes linked to North Korean operatives, and the development and sale of AI-generated ransomware. Anthropic banned the accounts, implemented new safeguards, and shared indicators with authorities.
MoreIncident 11171 Report
North Korea-Linked Actors Allegedly Use AI Executive Deepfakes in Zoom Phishing Targeting Web3 Employee
2025-06-22
An alleged phishing scheme involving actors linked to North Korea used purported AI-generated deepfake videos of company executives to deceive a Web3 employee during a fake Zoom call. The target was reportedly tricked into installing macOS malware disguised as a "Zoom extension," leading to the deployment of spyware, a keylogger, and a crypto wallet stealer. The attackers reportedly used Telegram and spoofed Zoom domains to orchestrate the breach.
MoreIncident 12081 Report
North Korea's Kimsuky Group Reportedly Uses AI-Generated Military ID Deepfakes in Phishing Campaign
2025-07-17
Genians reported a phishing campaign by North Korea's Kimsuky group using purportedly AI-generated deepfake military ID cards. Emails reportedly impersonating South Korean defense institutions carried ZIP files with forged IDs whose photos were reportedly created using generative AI. When opened, hidden malware reportedly executed, downloading scripts disguised as Hancom Office updates. This reportedly marked an evolution in Kimsuky's tactics, using AI decoys to boost social engineering.
More