AI Tools Are Helping Mediocre North Korean Hackers Steal Millions
Andy Greenberg Matt Burgess Security Apr 22, 2026 12:00 PM AI Tools Are Helping Mediocre North Korean Hackers Steal Millions One group of hackers used AI for everything from vibe coding their malware to creating fake...
Anthropic — What company has the best second artificial intelligence model at the end of June?
A striking development has emerged in artificial intelligence. Andy Greenberg Matt Burgess Security Apr 22, 2026 12:00 PM AI Tools Are Helping Mediocre North Korean Hackers Steal Millions One group of hackers used AI for everything from vibe coding their malware to creating fake company websites—and stole as much as $12 million in three months. Photo-Illustration: WIRED Staff; Getty Images Comment Loader Save Story Save this story Comment Loader Save Story Save this story The advent of AI hacking tools has raised fears of a near future in which anyone can use automated tools to dig up exploitable vulnerabilities in any piece of software , like a kind of digital intrusion superpower. Here in the present, however, AI seems to be playing a more mundane, if still concerning, role in hackers’ toolkit: It’s helping mediocre hackers level up and carry out broad, effective malware campaigns.
That includes one group of relatively unskilled North Korean cybercriminals who’ve been discovered using AI to carry out virtually every part of an operation that hacked thousands of victims to steal their cryptocurrency. On Wednesday, cybersecurity firm Expel revealed what it describes as a North Korean state-sponsored cybercrime operation that installed credential-stealing malware on more than 2,000 computers, specifically targeting the machines of developers working on small cryptocurrency launches, NFT creation, and Web3 projects. By using the AI tools of US-based companies, including those of OpenAI, Cursor, and Anima, the hacker group—which Expel calls HexagonalRodent—“ vibe coded ” almost every part of its intrusion campaign, from writing their malware to building the fake websites of companies used in its phishing schemes.
Technical Details
That AI-enabled hacking allowed the group to steal as much as $12 million in cryptocurrency from victims in three months. What’s most striking about the HexagonalRodent hacking campaign isn’t its sophistication, says Marcus Hutchins, the security researcher who discovered the group, but rather how AI tools allowed an apparently unsophisticated group to carry out a profitable theft spree in the service of the North Korean state. “These operators don't have the skills to write code.
They don't have the skills to set up infrastructure. AI is actually enabling them to do things that they otherwise just would not be able to do,” says Hutchins, who became well-known in the cybersecurity community after disabling the WannaCry ransomware worm created by North Korean hackers. Emoji-Littered, AI-Written Code HexagonalRodent’s hacking operation focused on tricking crypto developers with fraudulent job offers at tech firms, going so far as to create full websites for the fake companies recruiting the victims, often created with AI web design tools.
This advance offers important signals about the future of the sector, and the tech world is watching closely.
