According to a report recently published by Google’s Threat Analysis Group (TAG), evidence suggests that North Korean hackers are using Google’s artificial intelligence (AI) technology to refine their cyberattacks. However, AI technology itself did not directly conduct the hacking; rather, hackers have been utilizing AI to analyze information and optimize their attacks.
Google TAG reported that North Korean hacking groups used the AI service “Gemini” to investigate information on specific institutions and then attempted tailored attacks based on their findings. In particular, efforts were made to collect internal information from defense industries and government agencies. Some hacking groups also attempted to gain network access by disguising themselves as IT job applicants at Western companies.
Regarding this issue, Google emphasized that AI did not directly carry out cyberattacks. Instead, hackers likely used AI to refine phishing attacks and efficiently analyze target organizations. Additionally, there were indications that North Korean hacking groups attempted to bypass international sanctions by attacking cryptocurrency exchanges and financial systems.
Cybersecurity experts warn that North Korean hackers are increasingly refining their use of AI, and future cyberattacks leveraging this technology are expected to rise. Given the potential impact of North Korea’s cyberattacks targeting military and nuclear-related information on national security, experts stress the need for thorough preparations by governments and relevant institutions.
A representative from the Korea Internet & Security Agency (KISA) stated, “As AI technology advances, cyberattack methods are also becoming more sophisticated. Previously, hackers had to spend a long time gathering information before launching an attack, but with AI, they can now develop more precise and effective attack strategies in a shorter period.”
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) also commented, “Not only North Korea but also state-sponsored hackers from various countries are using AI to enhance phishing emails, develop malware, and refine social engineering tactics. AI-driven hacking will become increasingly sophisticated, so proactive measures are necessary.” Additionally, Google’s security manager, Kimberly Samra, noted, “North Korean cyber threat actors are highly likely to continue researching and utilizing AI technology in the future.”
Cyberattacks leveraging AI are not limited to North Korea; various other nations and hacker groups have employed similar tactics. For instance, in 2023, a Russian hacker group used AI to conduct a large-scale phishing campaign targeting Western media outlets. Analysis indicated that this campaign successfully spread fake news and caused social disruption.
Moreover, Chinese hackers have reportedly used AI to generate deepfake videos, which were then employed to defame political opposition groups or steal corporate secrets as part of cyber psychological warfare. These cases highlight concerns that AI is not merely a tool for information retrieval but can significantly enhance hacking strategies.
Currently, intelligence agencies in the United States and South Korea are closely monitoring North Korean hackers’ use of AI, collaborating with major cybersecurity firms to strengthen cyber defense systems. As AI technology continues to advance, the likelihood of its misuse in cyberattacks is increasing, making swift responses by governments and corporations essential.
Global IT firms, including Google, are also reinforcing security measures to prevent the misuse of AI technology and have pledged to increase transparency in AI applications. Cybersecurity experts argue that in response to AI-driven hacking threats, the development of AI-based security solutions must also progress.
This incident serves as a clear example of how the rapid advancement of AI technology is affecting the cybersecurity landscape. It underscores the necessity for security frameworks worldwide to quickly adapt to the AI era. The North Korean hackers’ AI usage is likely to be emulated by more nations and hacker groups, making international cooperation even more critical.
