# North Korean Hackers Leverage AI to Enhance Cryptocurrency Theft Operations
A recent report from **Expel** reveals that North Korean cybercriminals are using AI tools to enhance their operations, specifically targeting cryptocurrency developers. This allows even less-skilled hackers to carry out effective malware campaigns and steal millions in cryptocurrency.
The rise of AI hacking tools has sparked concerns about widespread automated vulnerability exploitation. However, a more immediate threat is the use of AI to amplify the capabilities of less sophisticated hackers. A North Korean group has been discovered utilizing AI to automate various aspects of their operations, enabling them to target thousands of victims and steal cryptocurrency.
### AI-Powered Cybercrime
On Wednesday, **Expel** disclosed a North Korean state-sponsored cybercrime operation, **HexagonalRodent**, that deployed credential-stealing malware on over 2,000 computers. The group specifically targeted developers working on cryptocurrency, NFT, and Web3 projects. By leveraging AI tools from companies like **OpenAI**, **Cursor**, and **Anima**, **HexagonalRodent** automated tasks ranging from malware creation to building fake websites for phishing campaigns. This AI-enabled approach allowed the group to steal an estimated $12 million in cryptocurrency within three months.
### AI Amplifies Unsophisticated Hackers
Security researcher **Marcus Hutchins**, known for disabling the **WannaCry** ransomware worm, emphasizes that the most significant aspect of the **HexagonalRodent** campaign is not its sophistication, but how AI tools enabled a relatively unskilled group to execute a profitable theft operation.
"These operators don't have the skills to write code. They don't have the skills to set up infrastructure. AI is actually enabling them to do things that they otherwise just would not be able to do," says **Hutchins**.
### Emoji-Littered, AI-Written Code
**HexagonalRodent**'s operation involved tricking crypto developers with fraudulent job offers at fake tech firms, complete with AI-generated websites. Victims were asked to complete a coding assignment infected with malware designed to steal credentials, potentially granting access to their crypto wallets.
Despite their effectiveness, the hackers made several mistakes, including leaving their infrastructure unsecured and exposing the prompts used to generate malware with tools like **ChatGPT** and **Cursor**. They also leaked a database tracking victim wallets, allowing **Expel** to estimate the total stolen cryptocurrency.
**Hutchins** analyzed the malware and found further evidence of AI involvement, including extensive English comments and the unusual use of emojis in the code. "It's a pretty well-documented sign of AI-written code," **Hutchins** notes.
### Exploiting a Niche
According to **Hutchins**, the AI-written code should have been detectable by standard endpoint detection and response tools. However, **HexagonalRodent** targeted individual victims who often lacked these security measures. "They found a niche where you actually can get away with completely AI-generated malware," **Hutchins** explains.
**Hutchins** suggests that AI is particularly beneficial for North Korea, which has a limited pool of skilled hackers but can easily recruit less-skilled IT workers. "They have hundreds of people being sent over the border to work in IT operations, and only a few of them really know what they're doing," **Hutchins** says. "But then they're able to use generative AI to get a leg up and actually run fairly successful hacking campaigns."
**Expel** estimates that as many as 31 individual hackers were involved in **HexagonalRodent**, indicating that AI is expanding, not reducing, the size of North Korean cyber operations.
### North Korea's AI Embrace
The **HexagonalRodent** activity is just a small part of North Korea's broader cybercriminal activities, which include cryptocurrency theft, ransomware, espionage, and infiltrating Western organizations. These operations are often compared to a "state-sanctioned crime syndicate" that funds the nation's nuclear program and infrastructure.
North Korea is actively incorporating generative AI into its hacking and fraud workflows. The creation of Research Center 227, under the military's Reconnaissance General Bureau, demonstrates a focus on AI-driven hacking tools. However, North Korean cyber operators are also leveraging commercial AI tools.
**Michael "Barni" Barnhart** from **DTEX** notes that "North Korea is using AI as a force multiplier, and it is helping with every aspect: building resumes, building websites, building exploits, testing vulnerabilities, and they're doing it at speed and scale."