Искусственный интеллект извлекает опасность из недр хакерских схем Северной Кореи Translation: Artificial Intelligence Unearths Danger from the Depths of North Koreas Hacking Schemes

Hackers from North Korea are integrating artificial intelligence into every stage of cyberattacks — from phishing to laundering funds. According to cryptographer Kostas Halkias from Mysten Labs, AI poses a greater threat to cryptocurrency than quantum computing, as stated in an interview with CoinDesk.

*»Neural networks are the best tool I’ve ever had as a white hat hacker. You can imagine the consequences when they fall into the wrong hands,»* the expert remarked.

He pointed out that groups like Lazarus employ large language models (LLMs) to automatically scan thousands of smart contracts.

Artificial intelligence can aggregate data from past breaches and identify the same vulnerabilities elsewhere within minutes. This capability transforms a small state-sponsored hacking group into something akin to a digital military-industrial complex, capable of scaling attacks with a single request, noted Halkias.

The cryptographer believes the real threat comes from AI rather than quantum computing: *»There is no evidence that any computer today can break modern cryptography. We are at least 10 years away from that.»*

The combination of both technologies may accelerate threats to the digital asset sector. DeFi platforms are particularly vulnerable, as open-source code allows LLMs to analyze the logic behind every line.

Halkias anticipates that regulators will soon require continuous audits for exchanges and smart contracts, taking into account AI capabilities.

*»Every new version of GPT or Claude identifies different weaknesses. If you’re not testing your system against them, you’re already behind,»* he emphasized.

The expert also mentioned that North Korea has begun experimenting with propaganda and fake content generated by AI. However, traditional social engineering, augmented by AI, remains their most effective weapon.

When asked about the likelihood of North Korea developing a quantum computer, Halkias responded negatively: *»The real race is between the U.S. and China. North Korea will exploit AI for phishing, deepfakes, and deception. That’s their strength. They don’t need quantum computers to hack crypto — they need artificial intelligence to make their attacks invisible,»* the cryptographer concluded.

Since January 2024, cybercriminals from North Korea have stolen $2.84 billion in cryptocurrency, as reported by the Multilateral Sanctions Monitoring Group (MSMT) linked to the United Nations.

A significant portion of this money results from an attack on Bybit in February.

In addition to breaches, hackers are increasingly utilizing schemes involving remote job vacancies in IT and the crypto industry. In May, the Kraken exchange team uncovered a North Korean spy among applicants for an engineering position.

This directly violates UN Security Council resolutions 2375 and 2397, which prohibit hiring North Korean candidates.

Nevertheless, Pyongyang continues to promote its specialists in at least eight countries, including China, Russia, Laos, Cambodia, Equatorial Guinea, Guinea, Nigeria, and Tanzania.

According to the report, between 1,000 and 1,500 such workers were based in China. By early 2025, between 150 and 300 people were expected to work in Russia. As part of an overall plan, Pyongyang aimed to send over 40,000 workers to Russia, including several IT delegations.

To legitimize these activities, the parties intended to use student visas.

*»For instance, as reported by one of the MSMT participant states, a Russian educational company, the ANO «HDC Cooperation,» issued student visas to hundreds of North Korean citizens in 2024. This allowed them to enter Russia and work in various fields, including IT,»* the report states.

Experts believe that most of the stolen funds are primarily used to finance military programs. With the illicit assets, Pyongyang purchases a wide range of weapons, from armored vehicles to missile systems.

Cyber espionage primarily targets critical industries, including semiconductor manufacturing, uranium processing, and more.

However, the report authors noted an increasing effectiveness in countering North Korean hackers by Western countries.

Andrew Fireman, head of the national security intelligence department at Chainalysis, told Decrypt that *»the capabilities of law enforcement, intelligence agencies, and the private sector to identify and neutralize risks have grown significantly.»*

It’s worth recalling that in August, an unknown user hacked the account of a North Korean IT specialist linked to a small hacking group involved in the theft of $680,000.