Particle.news

Microsoft: North Korean Hackers Use AI to Scale Fake IT Worker Schemes, Test Agentic Tools

Microsoft urges organizations to treat these hires as insider risks.

Overview

  • Microsoft’s latest threat intelligence details three North Korean‑linked groups — Coral Sleet, Sapphire Sleet and Jasper Sleet — accelerating persona creation for technical roles with generative AI.
  • Jasper Sleet uses AI to mine job postings on platforms such as Upwork, tailor résumés and profiles, and sustain employment with AI‑written responses, code snippets and multilingual communications.
  • Researchers observed AI‑driven media and voice tools, including Faceswap and real‑time voice modulation, being used to forge identities and insert faces into stolen documents for more convincing impersonations.
  • Threat actors are applying language models across reconnaissance, phishing, infrastructure setup, malware development and post‑compromise tasks, often bypassing safeguards through LLM jailbreaks.
  • Microsoft reports early experiments with agentic AI to automate reconnaissance and manage attack infrastructure — including Coral Sleet’s rapid infrastructure staging — without evidence of large‑scale autonomous operations.