An analysis indicates that hacker organizations connected to North Korea and China are indiscriminately attacking major industries and institutions worldwide using artificial intelligence (AI) as a weapon. A study also revealed that from the second half of last year, AI-based voice phishing and impersonation attacks increased by more than 400% compared to the same period the previous year.
According to the industry on the 8th, the global security company CrowdStrike's recently released '2025 Global Threat Report' shows that cyber operations by hacker organizations connected to China increased by 150% compared to the previous year. In particular, targeted attacks aimed at key industries such as manufacturing, finance, and media increased by as much as 300%.
The report pointed out that social engineering attacks combined with AI, particularly voice phishing techniques, are surging. Voice phishing and impersonation emails using AI alone increased by 442% in the second half of last year, and many methods for stealing credentials without malware have been detected.
Adam Meyers, senior vice president of intelligence operations at CrowdStrike, noted that "China's cyber espionage activities and the rapid weaponization of AI-based tactics are prompting a reevaluation of security approaches," adding that "attack forces are overwhelming existing security frameworks by stealing Shinwon information and traversing multiple domains."
North Korea's cyber attacks are also on the rise. CrowdStrike reported that the North Korea-linked organization 'Famous Chollima' carried out over 300 attacks last year. Among these, 40% were carried out by abusing insider privileges, raising concerns about the potential incapacitation of existing security systems.
The Google Threat Intelligence Group also stated in a recent report that North Korea's cyber attacks are spreading beyond the U.S. to Europe and globally. Numerous cases have been identified where counterfeit identification cards and manipulated recommendations were used to infiltrate defense contractors and government agencies, and it is analyzed that the methods for concealing traces of attacks and funding through cryptocurrencies and virtual infrastructure are becoming more sophisticated.
Google warned that "North Korea has raised funds for its regime through past SWIFT financial hacks, cryptocurrency theft, and ransomware, and it is evolving into increasingly sophisticated cyber tactics as international sanctions tighten."
As such, with cyber threats evolving beyond traditional methods to an AI-based approach, the domestic security industry is declaring the arrival of the 'Hacking 3.0' era. According to the security industry, Hacking 1.0 refers to early hacking focused on simple vulnerabilities such as viruses and worms, Hacking 2.0 is centered on precise targeted infiltration and advanced persistent threats (APTs), and Hacking 3.0 signifies the current period of large-scale, advanced attacks based on AI, machine learning, and cloud environments.
Jeon Deok-jo, representative of network detection and response corporations SecuVista, stated, "The most prevalent cyber attacks last year were AI-based attacks, ransomware, third-party vulnerabilities, and insider threats," and added that "this trend indicates that we are entering the Hacking 3.0 era, with the scale of attacks gradually increasing."
Cyber attacks are also posing a threat to the domestic medical and health sectors. The National Intelligence Service recently stated that "medical sector computer systems are becoming concentrated targets of hacking forces such as North Korea" and announced the 'hospital information system security guidelines.' The NIS revealed that North Korea is systematically distributing hacking emails and conducting attacks targeting domestic medical and bio companies after declaring 2025 as the 'year of health revolution.'
An official from the National Intelligence Service stated that "the hacking forces such as North Korea are brazenly targeting medical information systems that are directly linked to patient lives, making it urgent to strengthen cybersecurity in the medical field."