In 2022, North Korean hacking groups reportedly stole an unprecedented 2.2 trillion won, equivalent to approximately $1.46 billion, in virtual assets. The National Cyber Security Center of South Korea, part of the National Intelligence Service, alerted that these groups are increasingly leveraging advanced artificial intelligence to enhance their cyber attack capabilities. Their 2026 National Information Security White Paper emphasizes the shift towards autonomous attacks that require minimal human intervention.
Recent developments indicate that North Korean hackers are employing agentic AI, a sophisticated technology that can autonomously analyze data and manipulate systems. This advancement enables them to generate phishing messages, create hacking tools like ransomware, and execute extensive operations more efficiently. Concerns have intensified following reports that Anthropic's AI model, Mythos, generated Windows attack code in just 31 minutes.
Cybersecurity experts from firms such as Kaspersky and Google Threat Intelligence Group have identified that groups like Kimsuky and APT45 are utilizing large language models to write code and search for vulnerabilities. Analysts believe this trend began last year, allowing these groups to scale their operations and overcome personnel limitations while exposing South Korea’s aging cyber defenses to greater risk.