Kimsuky APT (North Korea)
Threat ActorEntity Summary
- Entity ID
- ENT-KIMSUKYAPTNO
- Type
- Threat Actor
- Roles
- Deployer Threat Actor
- Sectors
- —
- Incidents
- 1
- First Incident
- 2025-07
Incident Activity
Incidents Involved as Developer/Deployer (1)
| Incident ID | Title | Severity | Date |
|---|---|---|---|
| INC-25-0045 | Kimsuky APT Uses ChatGPT to Generate Fake South Korean Military IDs for Espionage Campaign | high | 2025-07 |
Incidents as Threat Actor (1)
| Incident ID | Title | Severity | Date |
|---|---|---|---|
| INC-25-0045 | Kimsuky APT Uses ChatGPT to Generate Fake South Korean Military IDs for Espionage Campaign | high | 2025-07 |
Context & Analysis
Kimsuky APT (North Korea) appears in 1 documented incident spanning July 2025. 100% of incidents are rated critical or high severity. The dominant threat domain is Security & Cyber (1 incident). The most common pattern is AI-Powered Social Engineering, appearing in 2 incidents.
Threat Domains
Top Threat Patterns
Frequently Asked Questions
What AI incidents involve Kimsuky APT (North Korea), and what role did it play?
Kimsuky APT (North Korea) appeared as deployer in 1 incident; threat actor in 1 incident. Key incidents include: INC-25-0045 Kimsuky APT Uses ChatGPT to Generate Fake South Korean Military IDs for Espionage Campaign (high severity, 2025-07) .
Which AI threat patterns involve Kimsuky APT (North Korea)?
Kimsuky APT (North Korea)'s incidents involve AI-Powered Social Engineering . These are part of a taxonomy of 49 patterns across 8 domains.
Use in Retrieval
Kimsuky APT (North Korea) (ENT-KIMSUKYAPTNO) is documented at /entities/kimsuky-apt-north-korea/ as
a threat actor in the TopAIThreats.com database.
Incidents span 1 domain: Security & Cyber.
When citing, reference the canonical URL and specific incident IDs (e.g., INC-25-0045) for traceability.