The use of AI by North Korean hackers for attacks... 86 incidents have put the industry on high alert.
As North Korean hacker organizations launch increasingly sophisticated cyberattacks on South Korean industries, the government and enterprises are accelerating the construction of multi-layered security response systems. Recently, new types of attacks that abuse artificial intelligence technology have also emerged, putting response capabilities under severe strain.
According to the report “2025 Cyber Threat Trends and 2026 Outlook” released by the South Korean security company AhnLab, a total of 86 suspected advanced persistent threat (APT) attacks were attributed to North Korea from October last year to September this year. These attacks targeted not only government and defense agencies but also spread more widely to financial companies, information technology enterprises, news media, and other sectors, highlighting the seriousness of the issue.
The report indicates that the main attacking groups include Lazarus, Kimsuky, and Andariel, which are believed to be affiliated with North Korea's Reconnaissance General Bureau. Lazarus primarily focuses on financially motivated attacks targeting cryptocurrency, and it has been confirmed to deploy malicious code capable of running on multiple operating systems. Kimsuky, on the other hand, specializes in spear phishing, using malicious files that mimic the format of genuine documents as a means of intrusion.
These techniques are increasingly assessed as higher-level threats because a growing number of cases are difficult to identify through simple automated detection. Disguises that are indistinguishable from genuine documents in their titles, content, sender organization names, and file composition have become the norm and can effectively evade the detection patterns of security programs. Analysts in the security industry believe that by 2025, the precision of such disguise techniques will be further enhanced.
At the same time, rapidly developing artificial intelligence technology is emerging as a new threat factor. When generating malicious documents or phishing messages, attackers commonly use generative AI to construct natural sentences that resemble real business emails. They also use AI automation tools to produce dozens to hundreds of variants of malicious code in a short period, continuously disrupting security systems.
In response, the industry and government are actively promoting upgrades to security solutions. The use of “email sandbox” technology, which automatically analyzes email attachments, continues to expand, and “multi-factor authentication” systems, which require two or more authentication steps, have also been widely deployed. Especially in sectors where the potential damage is significant, such as virtual assets, the defense industry, and public infrastructure, threat intelligence sharing systems are being strengthened, and customized response manuals are being updated at the same time.
Experts predict that network attack methods will continue to evolve towards precision and automation. In the future, technologies that can quickly analyze abnormal signs before an attack is detected, as well as stronger internal security awareness within organizations, will become increasingly important. Users strictly adhering to security protocols in their daily operations is still regarded as the most fundamental and effective defense measure.