Expel has identified a North Korean state-sponsored APT group (HexagonalRodent) conducting industrial-scale attacks on developers, exfiltrating approximately $12 million in cryptocurrency over three months. The group extensively abuses generative AI tools including Cursor and ChatGPT to automate social engineering and malware delivery via fake job offers and backdoored coding assessments. The campaign demonstrates significant state-level adoption of AI for offensive cyberattacks and includes a rare supply chain attack on the fast-draft VSCode extension.
Inside Lazarus: How North Korea uses AI to industrialize attacks on developers
North Korea's HexagonalRodent APT weaponized mainstream generative AI tools (Cursor, ChatGPT) to automate social engineering and supply chain attacks targeting developers—stealing $12M in cryptocurrency while compromising the fast-draft VSCode extension.
Thursday, April 23, 2026 12:00 PM UTC | 2 min read | Source: Lobsters | By sys://pipeline