AI-Driven Deepfake Military ID Fraud Campaign

Sept. 15, 2025, 7:43 p.m.

Description

The Kimsuky APT group has launched a spear-phishing campaign that uses AI-generated deepfake military ID cards to target South Korean defense institutions. The lures impersonate the military employee ID issuance process, and the actor used ChatGPT to produce convincing fake ID images. The malware relies on obfuscated batch files and AutoIt scripts to evade detection and connects to command and control servers to retrieve further payloads. The campaign illustrates how state-sponsored threat actors are incorporating AI tooling into cyber espionage. Analysis links it to previous Kimsuky operations against unification researchers and government agencies, underscoring the persistent nature of the threat.

Date

  • Created: Sept. 15, 2025, 8 a.m.
  • Published: Sept. 15, 2025, 8 a.m.
  • Modified: Sept. 15, 2025, 7:43 p.m.

Indicators

  • 59.25.184.83
  • 58.229.208.146
  • 183.111.182.195
  • 112.175.184.4
  • 111.92.189.12
  • 183.111.161.96
  • 121.254.129.86
  • 183.111.174.34
  • www.jiwooeng.co.kr
  • http://www.jiwooeng.co.kr/zb41pl7/bbs/icon/private_name/private.php?name=
  • http://dangol.pro/bbs/option.php
  • zabel-partners.com
  • versonnex74.fr
  • seytroux.fr
  • jiwooeng.co.kr
  • hyounwoolab.com
  • guideline.or.kr
  • dangol.pro
  • contamine-sarzin.fr
  • astaibs.co.kr
  • genians.com

Attack Patterns

Additional Information

  • Defense
  • Government