North Korea’s Hackers Evolve With AI, Turning Cyber Espionage Into Digital Warfare
SEOUL, Nov. 11 (Korea Bizwire) — North Korean hackers have escalated their cyberattacks to a new level of sophistication, using artificial intelligence to remotely control South Koreans’ smartphones, erase data, and even spy on users through webcams and location-tracking services, according to industry experts.
Cybersecurity analysts say the regime’s hacking operations have evolved from data theft to full-scale digital sabotage capable of disrupting daily life. “North Korea’s cyberattacks are no longer about stealing information—they’re about destroying digital systems and causing chaos,” said one Seoul-based security official.
The shift was first observed in 2023, when North Korea’s APT37 hacking group targeted activists, defector organizations, and businessmen involved in inter-Korean affairs. The attackers not only stole voice recordings but also deployed destructive malware, signaling an intent to cripple their targets’ digital infrastructure.
Later that year, another North Korean group, Kimsuky, infiltrated South Korea’s government network using stolen administrative certificates and passwords.
More recently, Pyongyang’s hackers have begun weaponizing AI. A report by U.S. firm Anthropic in August revealed that North Korean operatives used AI tools to fabricate fake online identities and pass technical interviews for overseas IT jobs—part of a broader effort to skirt international sanctions and earn foreign currency.
South Korean cybersecurity company Genians reported that Kimsuky operatives created AI-generated deepfake images to spear-phish military agencies and developed malware capable of remotely disabling smartphones.
Once phones were bricked, the hackers allegedly used the victims’ other devices to spread malicious files via KakaoTalk messages, often timing attacks when users were away from home or work.
Experts say the attackers monitored victims’ movements through Google’s location services or webcam spyware installed on compromised PCs.
“The speed at which North Korea is exploiting AI outpaces our ability to defend against it,” said Kang Byung-tak, CEO of AI Spera. “They can launch attacks instantly, while defenders take weeks to patch vulnerabilities.”
Security specialists are urging South Korean companies and government agencies to adopt stronger real-time defense systems, such as endpoint detection and response (EDR) technologies, which are already standard in the United States.
Without such upgrades, experts warn, AI-powered cyberattacks from Pyongyang could soon move beyond espionage and data destruction to direct disruption of national infrastructure.
M. H. Lee (mhlee@koreabizwire.com)
