Kimsuky Group Leverages AI for Malware Targeting South Korean Government

Kimsuky Group Leverages AI for Malware Targeting South Korean Government

First seen 14 May 2026, 11:02 UTC En.Yna.Co.KrBiz.ChosunSecurelistwww.genians.co.krNknews 87% similarity 75.5

Article Content

Browse articles
ThreatCluster

The North Korean hacking group Kimsuky is utilizing generative AI to create malware aimed at South Korean government systems, as reported by Kaspersky on May 14, 2026. The malware, named HelloDoor, is a Rust-based backdoor that shows signs of AI involvement in its coding, including the use of emojis and grammatical errors. Kimsuky has also adopted new tactics, such as using Visual Studio Code's remote tunneling feature to covertly access victim devices. The group's AppleSeed malware targets the Government Public Key Infrastructure (GPKI), which is crucial for accessing government systems. If compromised, this could allow unauthorized access to sensitive government accounts. Kaspersky's analysis indicates that military officials, government employees, and telecom workers have been infected. The report emphasizes the need for enhanced detection systems and updated threat intelligence to combat these evolving threats.

Key Points: • Kimsuky is using AI to develop malware, including the HelloDoor backdoor. • The group targets South Korean government officials' digital certificates via the AppleSeed malware. • New attack methods include using Visual Studio Code's remote tunneling to evade detection.

ThreatCluster AI

Timeline

2025-08-01
HelloDoor malware identified
Kaspersky first discovered HelloDoor, a Rust-based backdoor linked to Kimsuky, indicating advanced coding techniques.
En.Yna.Co.Kr
2026-05-14
Kaspersky report on Kimsuky released
Kaspersky published findings detailing Kimsuky's use of AI in malware development and targeting government systems.
Biz.Chosun
Recent
Increased targeting of South Korean officials
Kimsuky's attacks have escalated, affecting military and government officials through sophisticated phishing tactics.
Biz.Chosun

Community

Browse all →