Seoul: A North Korea-linked hacking group is leveraging artificial intelligence (AI) technology to develop malicious software targeting the South Korean government's electronic authentication system, a Russian cybersecurity firm said Thursday. Kaspersky said in its latest report its researchers discovered that "HelloDoor," a backdoor malware program first identified last August, was linked to the North Korean hacking group Kimsuky.

According to Yonhap News Agency, Kaspersky's report revealed comments in the malware code that seemed to have been generated by a large language model (LLM) service, as opposed to a human developer. This conclusion was drawn from traces, including emojis used for logging debugging messages, which are uncommon in traditional coding practices.

The report also highlighted new cyberattack tactics employed by the state-sponsored hacking group. Since last year, Kimsuky has been using a feature called "Visual Studio Code Remote Tunneling" instead of deploying malware directly to establish covert remote access to victims' devices, according to the report.

The report noted that these advancements pose greater threats, particularly to South Korean government institutions, which have been the primary targets of the hacking group. In particular, Kimsuky's "AppleSeed" malware is mainly used to extract key data from the South Korean government's authentication system used on government servers.

The report warned that if authentication data is compromised, hackers could gain unauthorized access to internal government systems through hijacked accounts, posing a broader security threat to the nation's infrastructure.