OpenAI has disrupted five state-affiliated actors that sought to use AI services in support of malicious cyber activities.

Based on collaboration and information sharing with Microsoft, we disrupted five state-affiliated malicious actors: two China-affiliated threat actors known as Charcoal Typhoon and Salmon Typhoon; the Iran-affiliated threat actor known as Crimson Sandstorm; the North Korea-affiliated actor known as Emerald Sleet; and the Russia-affiliated actor known as Forest Blizzard. The identified OpenAI accounts associated with these actors were terminated.

The Blog Post Reads

Activity associated with the following threat groups was terminated on the platform:

  1. Forest Blizzard (Strontium) [Russia]: Utilized ChatGPT to conduct research into satellite and radar technologies pertinent to military operations and to optimize its cyber operations with scripting enhancements.
  2. Emerald Sleet (Thallium) [North Korea]: Leveraged ChatGPT for researching North Korea and generating spear-phishing content, alongside understanding vulnerabilities (like CVE-2022-30190 “Follina”) and troubleshooting web technologies. 
  3. Crimson Sandstorm (Curium) [Iran]: Engaged with ChatGPT for social engineering assistance, error troubleshooting, .NET development, and developing evasion techniques. 
  4. Charcoal Typhoon (Chromium) [China]: Interacted with ChatGPT to assist in tooling development, scripting, comprehending cybersecurity tools, and generating social engineering content. 
  5. Salmon Typhoon (Sodium) [China]: Employed LLMs for exploratory inquiries on a wide range of topics, including sensitive information, high-profile individuals, and cybersecurity, to expand their intelligence-gathering tools and evaluate the potential of new technologies for information sourcing.

Generally, the threat actors used large language models to enhance their strategic and operational capabilities, including reconnaissance, social engineering, evasion tactics, and generic information gathering.
