Kimsuky, a North Korean hacking group, is now using fake military ID cards created with artificial intelligence (AI) tools to pull off its latest phishing campaign. According to cybersecurity firm Genians Security Center (GSC), this is a new step from the group’s past ClickFix tactics, which previously tricked victims into running malicious commands by presenting them with fake security pop-ups.
The new approach was first detected in July 2025 when attackers sent emails that looked like they were from a legitimate South Korean defence institution. These messages were designed to grab attention, usually pretending to be about a new ID card for military personnel.
The bait is a ZIP file containing what appears to be a draft of a real military ID. But there’s a catch: the convincing photo on the ID isn’t real. It’s an AI-generated deepfake with a near-perfect 98% certainty of being fake, created using widely available AI tools like ChatGPT.
Read the rest of the story at Hack Read.