OpenAI Uncovers and Blocks Malicious Use of ChatGPT by Hacker Groups

CyberSecureFox 🦊

In a recent report, OpenAI revealed that it has successfully prevented over 20 foreign “influence operations” that were exploiting ChatGPT for nefarious purposes. These operations involved the use of the AI chatbot for malware development, disinformation campaigns, detection evasion, and phishing attacks.

Cybercriminal Groups Leverage AI for Advanced Attacks

Cybersecurity experts have long warned about hackers utilizing AI for malware creation. OpenAI’s report confirms these concerns, detailing specific instances where Chinese and Iranian hacker groups misused ChatGPT to enhance their operations’ effectiveness.

SweetSpecter: Chinese Cyber Espionage Group

One of the groups identified by OpenAI is the China-based SweetSpecter, first detected by Cisco Talos in November 2023. This group, known for targeting Asian governments, was found using ChatGPT for scripting and vulnerability analysis. Their attacks involved sending phishing emails with malicious ZIP archives disguised as support requests, ultimately deploying the SugarGh0st RAT.

CyberAv3ngers: Iranian Critical Infrastructure Attackers

The Iranian group CyberAv3ngers, which typically targets industrial systems in Western countries, was observed using ChatGPT for various malicious activities. These included obtaining default credentials for widely used programmable logic controllers (PLCs), developing custom bash and Python scripts, and obfuscating code. The group also used the AI for post-exploitation planning and for exploring methods to exploit specific vulnerabilities.

Storm-0817: Sophisticated Android Malware Developers

Another Iranian group, Storm-0817, employed ChatGPT for malware debugging, creating an Instagram scraper, translating LinkedIn profiles to Persian, and developing custom Android malware with its associated command and control infrastructure. The resulting malware could steal contact lists, call logs, and files, capture screenshots, browse user history, and pinpoint exact locations.

OpenAI’s Response and Preventive Measures

OpenAI has taken swift action to mitigate these threats. All accounts associated with the malicious activities have been blocked, and related indicators of compromise, including IP addresses, have been shared with OpenAI’s cybersecurity partners. This collaborative approach aims to strengthen the overall defense against AI-assisted cyberattacks.

The discovery of these sophisticated operations underscores the dual-use nature of AI technologies. While AI chatbots like ChatGPT offer immense benefits, they also present potential risks when exploited by malicious actors. As AI continues to evolve, it is crucial for developers, cybersecurity professionals, and users to remain vigilant and implement robust security measures to prevent misuse and protect against emerging threats in the digital landscape.
