North Korean Hackers Deploy AI-Assisted Malware in Data Theft Campaign
A North Korean cybercrime group has released malware showing signs of development assisted by artificial intelligence, including new code written entirely in Rust, according to security researchers at Kaspersky.
The malware, called HelloDoor, is part of a broader operation by Kimsuky, a Pyongyang-backed actor. The group refreshed its toolkit using PebbleDash, a malware series originally linked to North Korea's Lazarus Group. Kaspersky published its findings Thursday.
The campaign targets South Korean entities. Researchers first detected HelloDoor in August and found telltale signs that large language models (LLMs) assisted in its development.
What This Means for Development Teams
The use of Rust, a systems programming language known for memory safety, suggests the attackers are adopting modern development practices. Rust's cross-platform capability makes malware easier to deploy across different systems without rewriting core logic.
The reliance on LLM-assisted coding indicates attackers are automating parts of malware development. This could lower technical barriers for threat actors and accelerate the pace of new malware variants.
Broader Context
HelloDoor is not the first tool in this campaign. Kimsuky combined new malware with existing tools, suggesting a strategy to maximize coverage across target systems. The group has a history of targeting government and financial institutions in South Korea.
For IT and development professionals, this underscores the need to understand how AI tools can be misused. Developers working on security should familiarize themselves with how LLMs generate code and what defensive measures apply to AI-assisted threats.