Openai threats that some of the accounts used ChatGPT in tactics similar to the well -known Velvet Chollima group (Kimsuky, Emerald Sleet), while others could be associated with the Stardust Chollima group (Apt38, Sapphire Sleet).
Blocked accounts were used to search for cryptocurrency information-one of the key topics of interest to the North Korean Hackers . In addition, the attackers requested a code for bypassing protective mechanisms and used ChatGPT to write and debug the harmful programs designed for attacks using the RDP protocol.
Cybercriminals tried to find vulnerabilities in various applications, to develop tools for phishing and social engineering, as well as create malicious PowerShell scripts. In addition, hackers used ChatGPT to generate omitted code and disguise malicious files.
One of the interesting finds was links to sites where previously unknown malicious binary files were posted. Hackers left links during debugging locations of auto -sales expansion points (ASP) and attack methods on MacOS. The data was transferred to the scanning online service to simplify the exchange with the security community and prevent potential attacks.
In addition, Openai revealed that the North Korean hackers could use ChatGPT to carry out working tasks as part of the employment scheme of IT specialists. Attackers found work in Western companies, then used AI for programming and communicating with colleagues, and also invented plausible explanations to conceal their real location and avoid video calls.
Since October 2024, Openai has also blocked two operations related to China. One of them, Peer Review, was aimed at developing tools for cyber espionage , and the other – sponSored discontent – used ChatGPT to create anti -American content in Spanish.
in the previous report Openai said that with the beginning of 2024 stopped more than 20 cyber operations and hidden information campaigns of Iranian and Chinese hackers.