Military ID Deepfakes: How North Korean Hackers Target the South with AI
Posted on: 17 September 2025 | Author: Foresiet
Introduction
North Korean threat actor Kimsuky has escalated its social engineering tactics by leveraging military ID deepfakes to deceive South Korean targets. According to a recent analysis by South Korean cybersecurity firm Genians, the group is now using AI-generated images to impersonate military personnel, making phishing campaigns more convincing and harder to detect. This marks a worrying evolution in the use of generative AI for cyberattacks, reinforcing the urgent need for robust defenses such as digital footprint analysis and brand protection solutions from trusted providers like Foresiet.
Deepfakes as a Social Engineering Weapon
The attack involved sending emails with AI-created South Korean military identification documents to journalists, researchers, human rights activists, and a defense institution. The emails asked recipients to review “draft” ID documents, tricking them into clicking malicious links.
A spokesperson from Genians highlighted that this strategy is “less about visual deception and more about enhancing social-engineering effectiveness.” By aligning fake documents with a recipient’s professional context, attackers significantly increase the chance of engagement.
Generative AI in Cybercrime
Kimsuky isn’t alone in exploiting AI. Other North Korean groups like PurpleDelta and PurpleBravo have used large language models (LLMs) and image generators for creating synthetic identities, improving phishing content, correcting English, and even translating texts. Recorded Future’s analysts observed PurpleBravo using AI-generated recruiter images to lure cryptocurrency developers with fake job offers.
Reports from OpenAI and Anthropic also confirm that hacking groups are misusing generative AI tools to scale their operations, including building synthetic identity services and bypassing detection through automated code modification.
Why Military ID Deepfakes Are Effective
Military identification carries an inherent sense of authority, which can disarm even skeptical recipients. John Fokker of Trellix noted that such IDs lend credibility, making targets more likely to open files or links. Trend Micro researchers added that while they hadn’t seen this exact lure before, it’s consistent with the evolving deception tactics of state-sponsored groups.
Attack Execution and Tactics
Victims were first enticed by phishing emails referencing sensitive topics like North Korea’s economy or political issues in South Korea. Clicking the malicious link downloaded a ZIP archive containing an LNK shortcut; opening the shortcut compromised the system. Genians linked the attacks to Kimsuky through threat indicators such as specific malware and IP addresses.
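The delivery chain described above (email link, ZIP archive, LNK shortcut inside) is a pattern a mail gateway or sandbox can flag before a user ever opens the file. The following is an added example, not code from the original post or from Genians or Foresiet: it inspects a ZIP archive in memory and reports members that are Windows shortcuts, detected either by the `.lnk` extension or by the Shell Link file header (header size 0x4C followed by the fixed LinkCLSID 00021401-0000-0000-C000-000000000046), so a shortcut renamed to look like a document is still caught. The sample archive and its file names are constructed here for illustration.

```python
import io
import zipfile

# Shell Link (.lnk) files begin with HeaderSize 0x0000004C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in on-disk little-endian layout.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def is_lnk(data: bytes) -> bool:
    """True if the bytes start with the Shell Link header."""
    return data[: len(LNK_MAGIC)] == LNK_MAGIC


def find_lnk_entries(zip_bytes: bytes) -> list[str]:
    """Return names of archive members that are shortcuts, whether revealed by
    the extension (double extensions such as '.pdf.lnk' included) or by content."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(len(LNK_MAGIC))  # only the header is needed
            if info.filename.lower().endswith(".lnk") or is_lnk(head):
                hits.append(info.filename)
    return hits


def build_sample_archive() -> bytes:
    """Constructed sample archive (not a real lure): a shortcut with a decoy
    double extension, a shortcut disguised as .txt, and a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("draft_military_ID.pdf.lnk", LNK_MAGIC + b"\x00" * 32)
        zf.writestr("readme.txt", LNK_MAGIC + b"\x00" * 32)  # extension lies, header does not
        zf.writestr("notes.txt", b"plain text, nothing to flag")
    return buf.getvalue()


if __name__ == "__main__":
    for name in find_lnk_entries(build_sample_archive()):
        print("shortcut found inside archive:", name)
```

In practice the same check runs on attachments and downloaded archives at the gateway or endpoint, and a ZIP whose only payload is a shortcut is a strong reason to quarantine rather than deliver.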
The Bigger Picture
This campaign shows a growing trend: nation-state actors weaponizing generative AI for sophisticated cybercrime. The blending of military ID deepfakes with AI-assisted phishing can fool even experienced cybersecurity professionals.
For organizations and individuals, proactive steps such as online risk evaluation, employee training, and leveraging services like darknet monitoring or brand impersonation defense are critical. Companies like Foresiet emphasize continuous digital footprint analysis to identify vulnerabilities before attackers can exploit them.
Conclusion
The rise of military ID deepfakes is a stark reminder of how rapidly cyberthreat tactics evolve. North Korean actors like Kimsuky are pushing the boundaries of social engineering by combining deepfake technology with phishing schemes. To stay ahead, organizations must invest in threat intelligence, adopt advanced monitoring tools, and educate employees on spotting sophisticated lures. As AI technology advances, vigilance and adaptive cybersecurity strategies are more important than ever.