Key findings include the undeniable fact that AI is now able to mass producing high-quality fraudulent documents, in addition to automating what the report describes as “the executive minutia of managing extensive shell company networks.” AI powered systems, it states, may “analyze blockchain patterns in real time to dynamically adjust cryptocurrency mixing strategies, effectively evading detection tools.”
As well as, it says, “[tools such as generative AI] which might produce sophisticated fraudulent identification documents, for instance, have helped North Korea perpetrate phishing attacks against Western firms.”
Dr. Aaron Arnold, senior associate fellow with the Centre for Finance and Security at RUSI, who authored the paper, said in an email that what prompted it was an uptick over the past 12 months in North Korea’s use of AI to facilitate and enhance its cyber operations, in the shape of phishing schemes designed to generate revenue for the country’s ballistic missile and nuclear weapons programs.
He advised enterprise IT managers who have to protect their organizations from becoming victims of sanction evasion activities that “[it] means largely adapting to a landscape where traditional human-focused security boundaries are being bypassed by automated technologies.”