OpenAI recently announced that it took action against a group of ChatGPT accounts believed to be operated by Russian-speaking threat actors and two Chinese nation-state hacking groups. These accounts were used for various malicious activities, including malware development, social media automation, and research on U.S. satellite communications technologies.
The Russian-speaking threat actor used OpenAI's models to refine Windows malware, debug code in several languages, and set up command-and-control infrastructure. The campaign, known as ScopeCreep, targeted Windows systems.
The actor signed up for ChatGPT with temporary email addresses and held only one conversation per account, using each to make a single incremental improvement to the malware before discarding the account. Splitting the work this way limits how much of the project any one account reveals and reflects a deliberate emphasis on operational security.
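The one-conversation-per-throwaway-account pattern is a signal a platform can hunt for. The script below is an added illustration, not OpenAI's detection code: it takes constructed account records (disposable-email domain, conversation count, and fingerprints of code artifacts seen in each conversation, all invented here) and links single-use accounts that share artifacts, so a chain of incremental edits spread across several accounts collapses into one cluster. The disposable-domain list is an assumption standing in for a maintained block list.

```python
"""Added example (not OpenAI's code): flag clusters of single-use accounts on
disposable email domains that pass the same code artifacts between them.
All records below are constructed for illustration."""
from collections import defaultdict

# Assumed disposable-email providers; a real deployment would use a maintained list.
DISPOSABLE_DOMAINS = {"tempmail.example", "10min.example", "throwaway.example"}

# Constructed records: (account_id, email, conversation_count, artifact_hashes).
# artifact_hashes stand in for fingerprints of code shared in the conversations.
ACCOUNTS = [
    ("acc-001", "a1@tempmail.example", 1, {"h-loader-v1"}),
    ("acc-002", "b7@10min.example", 1, {"h-loader-v1", "h-loader-v2"}),
    ("acc-003", "c3@throwaway.example", 1, {"h-loader-v2", "h-loader-v3"}),
    ("acc-004", "dev@corp.example", 42, {"h-unrelated"}),
    ("acc-005", "e9@tempmail.example", 1, {"h-other"}),
]


def email_domain(email):
    """Lower-cased domain part of an address."""
    return email.rsplit("@", 1)[-1].lower()


def suspicious_accounts(accounts, disposable=DISPOSABLE_DOMAINS, max_convs=1):
    """Accounts on a disposable domain with at most max_convs conversations."""
    return [a for a in accounts if email_domain(a[1]) in disposable and a[2] <= max_convs]


def link_by_artifacts(accounts):
    """Union-find over accounts that share at least one artifact hash, so
    v1 -> v2 -> v3 edits spread over several accounts form one cluster.
    Returns clusters as sorted lists of account ids."""
    parent = {a[0]: a[0] for a in accounts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    owner = {}  # artifact hash -> first account seen carrying it
    for acc_id, _, _, hashes in accounts:
        for h in hashes:
            if h in owner:
                ra, rb = find(acc_id), find(owner[h])
                if ra != rb:
                    parent[ra] = rb
            else:
                owner[h] = acc_id
    clusters = defaultdict(set)
    for acc_id in parent:
        clusters[find(acc_id)].add(acc_id)
    return sorted(sorted(c) for c in clusters.values())


def flagged_clusters(accounts, min_size=2):
    """Clusters of at least min_size suspicious accounts that share artifacts."""
    return [c for c in link_by_artifacts(suspicious_accounts(accounts)) if len(c) >= min_size]


if __name__ == "__main__":
    print(flagged_clusters(ACCOUNTS))  # [['acc-001', 'acc-002', 'acc-003']]
```

Artifact fingerprints are the link that defeats the account-splitting trick: each account on its own looks like a harmless one-off, but the shared loader versions tie them back together. Account acc-005 is on a disposable domain too, yet shares nothing with the others and is left alone, which keeps the check from flagging every throwaway signup.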
The AI-assisted malware was distributed through a code repository masquerading as a legitimate video game tool. Once installed, the malware would execute a series of actions to escalate privileges, establish persistence, and exfiltrate sensitive data while evading detection.
OpenAI also identified a second set of ChatGPT accounts associated with the Chinese nation-state groups APT5 and APT15. These accounts were used for research, system administration, software development, and infrastructure setup.
Observed activity included writing scripts to break into FTP servers, automating penetration testing with large language models, and managing a fleet of Android devices for social media manipulation.
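The report does not say how those FTP scripts worked, but the defender-side check for the most common approach, password guessing, is simple and worth having. The following is an added example, not code from the report or from any named group: it parses vsftpd-style log lines (the lines themselves are constructed, with documentation addresses) and flags any client that exceeds a threshold of failed logins inside a sliding time window, reporting how many distinct usernames it tried.

```python
"""Added example (not from the OpenAI report): flag FTP password guessing in
vsftpd-style log lines. The log lines are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed lines in vsftpd's log layout; hosts, users and times are made up.
LOG_LINES = """\
Mon Jun  9 10:00:01 2025 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Jun  9 10:00:02 2025 [pid 2102] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Jun  9 10:00:02 2025 [pid 2103] [ftp] FAIL LOGIN: Client "203.0.113.7"
Mon Jun  9 10:00:03 2025 [pid 2104] [backup] FAIL LOGIN: Client "203.0.113.7"
Mon Jun  9 10:00:04 2025 [pid 2105] [test] FAIL LOGIN: Client "203.0.113.7"
Mon Jun  9 10:00:05 2025 [pid 2106] [alice] OK LOGIN: Client "198.51.100.4"
Mon Jun  9 10:00:06 2025 [pid 2107] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Jun  9 10:07:00 2025 [pid 2108] [bob] FAIL LOGIN: Client "198.51.100.9"
Mon Jun  9 10:07:30 2025 [pid 2109] [bob] OK LOGIN: Client "198.51.100.9"
""".splitlines()

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"$'
)


def parse(line):
    """Parse one login line into a dict, or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(re.sub(r"\s+", " ", m["ts"]), "%a %b %d %H:%M:%S %Y")
    return {"ts": ts, "user": m["user"], "ok": m["result"] == "OK", "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: (max_failures_in_window, distinct_users)} for clients with
    at least `threshold` failed logins inside any `window`-long sliding span."""
    failures = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev and not ev["ok"]:
            failures[ev["ip"]].append((ev["ts"], ev["user"]))
    hits = {}
    for ip, evs in failures.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                users = {u for _, u in evs[start:end + 1]}
                if ip not in hits or count > hits[ip][0]:
                    hits[ip] = (count, len(users))
    return hits


if __name__ == "__main__":
    print(detect_bruteforce(LOG_LINES))  # {'203.0.113.7': (6, 5)}
```

The distinct-user count is the useful second signal: one user failing repeatedly from one host is usually a mistyped password, while many usernames from one host inside a minute is a wordlist. The single failure from 198.51.100.9 followed by a successful login stays below the threshold and is not reported.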
OpenAI also highlighted several other malicious clusters that leveraged ChatGPT for deceptive purposes, such as driving fraudulent employment campaigns, generating social media posts on geopolitical topics, and spreading polarized content on divisive issues.
Taken together, these cases show threat actors folding AI tools into ordinary tradecraft, from malware debugging to influence operations, rather than inventing wholly new attack classes. Defenders should expect the same tooling on the other side and keep the basics (account-abuse monitoring, least privilege, patching, and detection for the resulting malware and brute-force traffic) in good order.