Kimsuky deploys AI-assisted malware including new Rust-coded tool in campaign targeting South Korea

North Korea's Kimsuky group deployed AI-assisted malware targeting South Korean entities, with code partly written in Rust. Kaspersky says the campaign shows signs that large language models helped build it.

Published on: May 16, 2026
North Korean hackers deploy AI-assisted malware in new data-theft campaign

A North Korean cybercrime group has released malware showing signs of development assisted by artificial intelligence, including new code written entirely in Rust, according to security researchers at Kaspersky.

The malware, called HelloDoor, is part of a broader operation by Kimsuky, a Pyongyang-backed actor. Kaspersky said the group refreshed its toolkit using PebbleDash, a malware series originally linked to North Korea's Lazarus Group.

Researchers first detected the malware in August and observed telltale signs that large language models helped develop it. The campaign targets South Korean entities and combines new and existing malicious software to steal data from computers.

What this means for developers

The use of AI in malware development signals a shift in how state-backed hackers approach code creation. LLMs can accelerate malware development by generating functional code quickly, reducing the need for specialized expertise.

Rust, a systems programming language, makes the malware cross-platform and harder to detect than traditional malware. Its use suggests attackers are adopting modern development practices.

IT and development teams should treat AI-assisted threats as a separate category from conventional attacks. Malware built with LLM assistance may have different structural patterns and behavioral signatures.

The broader context

Kimsuky has a history of targeting South Korean government agencies, think tanks, and media outlets. The group's refresh of its malware arsenal suggests sustained operations and access to development resources.

This campaign demonstrates that state-backed actors now view AI tools as standard development infrastructure, not experimental technology. Organizations need security strategies that account for faster malware iteration and more varied attack code.
