Biz.Chosun
Kimsuky Group Leverages AI for Malware Targeting South Korean Government
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The North Korean hacking group Kimsuky is utilizing generative AI to create malware aimed at South Korean government systems, as reported by Kaspersky on May 14, 2026. The malware, named HelloDoor, is a Rust-based backdoor that shows signs of AI involvement in its coding, including the use of emojis and grammatical errors. Kimsuky has also adopted new tactics, such as using Visual Studio Code's remote tunneling feature to covertly access victim devices. The group's AppleSeed malware targets the Government Public Key Infrastructure (GPKI), which is crucial for accessing government systems. If compromised, this could allow unauthorized access to sensitive government accounts. Kaspersky's analysis indicates that military officials, government employees, and telecom workers have been infected. The report emphasizes the need for enhanced detection systems and updated threat intelligence to combat these evolving threats.
Key Points: • Kimsuky is using AI to develop malware, including the HelloDoor backdoor. • The group targets South Korean government officials' digital certificates via the AppleSeed malware. • New attack methods include using Visual Studio Code's remote tunneling to evade detection.