OpenAI detected and blocked hackers from Russia, China, and North Korea who used ChatGPT for cyberattacks

OpenAI reported three hacking groups that used ChatGPT to create malware.

In particular, a Russian-speaking group of hackers was discovered that used a chatbot to create and refine a remote access trojan (RAT) and a credential theft program optimized to evade detection, writes The Hacker News.

The group also used various ChatGPT accounts to test and debug components that enable data theft and further exploitation.

OpenAI said: "These accounts appear to be linked to Russian-speaking criminal groups, as we observed them posting evidence of their activities on the Telegram channel."

As the company noted, although the LLM refused to generate malicious content in response to direct requests, the hackers found a workaround. They bypassed the restriction by having the AI create separate code fragments, which were then assembled into full-fledged workflows.

The attackers used only a few ChatGPT accounts, but they constantly refined the same code in different sessions, indicating a long development process rather than isolated testing attempts.

The second cluster of activity originated in North Korea. OpenAI found that hackers used ChatGPT to create malware and command-and-control (C2) servers. They focused on tasks such as developing Finder extensions for macOS, configuring Windows Server VPN connections, or converting Chrome extensions to their Safari equivalents.

In addition, the attackers used the chatbot to craft phishing emails, experiment with cloud services and GitHub features, and explore methods for DLL loading, in-memory execution, Windows API interception, and credential theft.

The third group of blocked accounts is associated with the UNK_DropPitch (UTA0388) cluster. This is a Chinese hacking group known for its phishing attacks on large investment companies, especially in the Taiwanese semiconductor industry, using the HealthKick (GOVERSHELL) backdoor.

The attackers generated content for phishing campaigns in English, Chinese, and Japanese; used the chatbot to help develop tools that speed up routine tasks (such as remote execution and securing traffic using HTTPS); and sought information on installing open-source tools such as nuclei and fscan.
