Cyberattackers linked to China, Iran spotted using AI tools for ops: OpenAI

A version of this story appeared in the daily Threat Status newsletter from The Washington Times. Click here to receive Threat Status delivered directly to your inbox each weekday.

OpenAI said it has detected and disrupted efforts by China- and Iran-linked attackers attempting to use the artificial intelligence company’s tools to power offensive cyberoperations.

The market-leading AI company said in a new report that it thwarted more than 20 operations and deceptive networks thus far in 2024.

OpenAI’s Ben Nimmo and Michael Flossman wrote that a China-based adversary used OpenAI’s tools for reconnaissance and evasion, while an Iran-linked group fine-tuned its malware.

“We most often observed threat actors using our models to perform tasks in a specific, intermediate phase of activity — after they had acquired basic tools such as internet access, email addresses and social media accounts, but before they deployed ’finished’ products such as social media posts or malware across the internet via a range of distribution channels,” the duo said in OpenAI’s report.

China-based cyberattackers unsuccessfully sought to “spear phish” OpenAI employees’ personal and corporate emails, the company said.

The same attackers, labeled “SweetSpecter” by the San Francisco-based company, attempted to use OpenAI’s services for reconnaissance, research and “anomaly detection evasion,” among other things.

“We identified and banned accounts, which based on an assessment from a credible source likely belonged to a suspected China-based adversary, that were attempting to use our models to support their offensive cyber operations while simultaneously conducting spearphishing attacks against our employees and governments around the world,” the report said.

OpenAI did not identify the source of the tip, but said it came from someone whose “security team” observed SweetSpecter sending the spear phishing emails to OpenAI employees.

The OpenAI report published last week said SweetSpecter emerged in 2023 and this was the first time it was spotted targeting an AI company in the U.S.

SweetSpecter was attempting to deliver malware on targets’ machines that would enable the China-based attackers to steal data and take screenshots.

An Iranian group also sought to use OpenAI’s services to power its malware, the company’s investigators found. The Storm-0817 group asked OpenAI’s models for debugging and coding assistance for attacking Android devices to help hackers retrieve contacts, call logs, screenshots, browsing history and more.

While OpenAI described the malware as “relatively rudimentary,” the Iranian attackers’ intentions were nonetheless judged to be done with malicious intent.

Storm-0817 attempted to use OpenAI’s services to collect information on an Iranian journalist critical of the country’s government.

“STORM-0817 also sought help to de-bug code to scrape Instagram profiles via the Selenium webdriver,” the OpenAI report said. “This python code would accept an IG username and attempt to retrieve details from all followers. An Iranian journalist, critical of the Iranian government, appeared to be one of those individuals that this adversary was testing this tooling out on.”

The scale and frequency of threat actors using OpenAI’s tools are not fully apparent, but the report suggests many of the efforts to use the company’s tools for nefarious purposes were unsuccessful for the most part.

OpenAI said it disabled all accounts identified as associated with Storm-0817 and did not fall victim to the China-linked attackers’ targeting. Other cyber adversaries’ efforts failed to build original malware or create new viral audiences for their influence efforts, the company said.