North Korean Groups Use AI to Expand Intrusions

Microsoft Threat Intelligence said Friday that North Korean groups Coral Sleet, Sapphire Sleet and Jasper Sleet are using generative AI to accelerate and scale schemes that place remote technical workers at global companies. Researchers said AI tools help build tailored job-market personas, create multilingual lures and automate post-compromise tasks — including Faceswap identity photos and real-time voice modulation — increasing persistence and reducing detection time.
Key Points
- Use generative AI to craft job-market personas and research Upwork postings for targeted roles
- Enable rapid multilingual lures and voice-modulated impersonations that increase initial-access success rates
- Reduce detection and escalation time by automating post-compromise analysis, lateral movement and credential theft
Scoring Rationale
High novelty and credibility from Microsoft's intelligence report, but limited large-scale agentic-AI use reduces immediate operational impact.
