OpenAI said it disrupted a spear-phishing campaign orchestrated by a China-based hacking group called SweetSpecter. The group attempted to target OpenAI employees by sending phishing emails to both their personal and corporate accounts. These emails contained malicious attachments designed to deploy the SugarGh0st Remote Access Trojan (RAT) malware.
According to OpenAI, the SugarGh0st RAT would have granted attackers remote control over compromised systems, enabling them to execute arbitrary commands, take screenshots, and steal data.
In a separate incident, OpenAI detected and blocked the activities of CyberAv3ngers, a group affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC) that is known for its cyberattacks on industrial control systems (ICS) and programmable logic controllers (PLCs). CyberAv3ngers had been using OpenAI's models to research default credentials for PLC systems.
CyberAv3ngers also used the models for help writing Python and Bash scripts, and asked about methods for obfuscating malicious code and exploiting known vulnerabilities.
Another Iranian group, STORM-0817, was observed using AI models to develop Android malware and its command-and-control infrastructure. The malware had surveillance capabilities, including the ability to access contacts, call logs, browsing history, and sensitive files stored on devices. STORM-0817 also used ChatGPT for tasks such as debugging the malware and translating LinkedIn profiles of cybersecurity professionals into Persian.
In addition, OpenAI said it uncovered and blocked multiple ChatGPT accounts used for Russian covert influence operations.