According to a report, the North Korean hacker group Emerald Sleet appears to be using ChatGPT to trick users of LinkedIn and other social media to steal sensitive information and data.
See also: North Korean hackers stole crypto worth $600 million in 2023
The parent company of ChatGPT, OpenAI and Microsoft Revealed last week that "interrupted five state-connected individuals who were engaged in malicious cyber attacks, using artificial intelligence services.“
Using Microsoft Threat Intelligence, accounts associated with two threat groups from China known as Charcoal Typhoon and Typhoon salmon, the threat group from Iran known as Crimson Sandstorm, the hacker group from North Korea known as Emerald Sleet, and the threatening agent from Russia known as Forest Blizzard.
Microsoft, which owns LinkedIn, said that Emerald Sleet, also known as Kimsuky, impersonated "reputable academic institutions and NGOs to attract victims to respond with specific analyses and comments on foreign policies concerning North Korea" and all this through the use of ChatGPT.
OpenAI reported that North Korea's Emerald Sleet account used its services to "identifying experts and organisations focusing on defence issues in the Asia-Pacific region, understanding available public vulnerabilities, supporting key scenario work and drafting content that could be used in campaigns phishing.“
See also: Kimsuky hackers target research centres for backdoor distribution
According to Yonhap, South Korea's state intelligence agency has found evidence that North Korea has tried to incorporate genetic artificial intelligence into its attacks hacking and other illegal cybercriminal activities.
The NIS (National Intelligence Service) added that it also suspects that it is using foreign IT employees to get jobs in IT companies to place malicious code on software that they developed in companies to steal cryptocurrencies.
Η Erin Plante, vice president of research at cryptocurrency cybersecurity firm Chainalysis, told the Financial Times that "North Korean hacker groups have been observed creating trusted employer profiles on professional social networking sites such as LinkedIn.”
See also: North Korean hackers target shipyards in South Korea
How LinkedIn users can protect themselves from ChatGPT attacks of Emerald Sleet?
First, it is important for LinkedIn users to be careful with the connection requests they receive. Do not accept requests from strangers or from profiles that do not appear to be genuine. Second, it is important that they use complex passwords and change their passwords regularly. This can help protect their accounts from Oversight. Third, LinkedIn users should be careful with the messages they receive, especially if they contain links or attachments. Never open a link or attachment from an unknown sender. Finally, it's a good idea to enable the two-step verification process on their accounts. This adds an extra layer of security, as users will need to confirm their identity via a second medium, such as a mobile phone, before they can log in.
Source: readwrite
