
North Korea-Linked KONNI Group Uses AI to Develop Stealthy Malware Tools
Check Point Research has uncovered an active phishing campaign attributed to the North Korea-linked group KONNI (also known as Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima). The operation targets software developers and engineers with fake blockchain project documents. The group employs an AI-written PowerShell backdoor to make its malicious tools stealthier. The campaign marks an evolution in the group's tactics, integrating artificial intelligence into the development of its malware.