OpenAI and Microsoft claim that Russian and North Korean hackers are using OpenAI's generative AI tools to bolster their cyberattack campaigns.
The software giant revealed this alarming new detail on Wednesday, Feb. 14, saying that it collaborated with OpenAI to publish a new study on emerging threats in the age of artificial intelligence.
OpenAI also published its own blog post to explain how cybercrime groups backed by Western-hostile countries use its AI tools to bolster their cyberattacks.
OpenAI, Microsoft Claim Russian, North Korean Hackers Use OpenAI Tools
Via its official blog post, OpenAI listed the cybercrime groups that allegedly use its GAI tools. These include the North Korea-backed hacking group Emerald Sleet, Russia-affiliated Forest Blizzard, Iran-backed threat actor Crimson Sandstorm, as well as two additional cybercrime groups backed by China: Salmon Typhoon and Charcoal Typhoon.
According to Yahoo News' latest report, OpenAI and Microsoft were able to remove the groups' access to AI systems after discovering that they were using these GAI tools to enhance their malicious campaigns.
Before their access was taken down, these cybercriminals were able to use OpenAI's GAI tools to do the following:
- Translate technical papers, retrieve publicly available information on multiple intelligence agencies and regional threat actors, assist with coding, and research common ways processes could be hidden on a system.
- Get scripting support related to app and web development, generate content likely for spear-phishing campaigns, and research common ways malware could evade detection.
- Research various companies and cybersecurity tools, debug code and generate scripts, and create content likely for use in phishing campaigns.
- Identify experts and organizations focused on defense issues in the Asia-Pacific region, understand publicly available vulnerabilities, help with basic scripting tasks, and draft content that could be used in phishing campaigns.
- Conduct open-source research into satellite communication protocols and radar imaging technology, and get support with scripting tasks.
How Microsoft, OpenAI Protect AI Tools From Hackers
Microsoft reassured its consumers that it is working closely with OpenAI to take action when known and emerging threat actors surface.
One of their efforts is establishing Microsoft Threat Intelligence, the team that tracks over 300 unique threat actors. These include 50 ransomware gangs, 160 nation-state actors, etc.
"Recognizing the rapid growth of AI and emergent use of LLMs in cyber operations, we continue to work with MITRE to integrate these LLM-themed tactics, techniques, and procedures," said Microsoft.
The software giant added that these efforts are implemented into the MITRE ATLAS or MITRE ATT&CK knowledge base.
"This strategic expansion reflects a commitment to not only track and neutralize threats but also to pioneer the development of countermeasures in the evolving landscape of AI-powered cyber operations," further stated Microsoft.