Threat actors use ChatGPT to write malware

Oct. 14, 2024, 10:47 a.m.

Description

OpenAI has disrupted over 20 malicious cyber operations abusing ChatGPT for various purposes, including malware development and spear-phishing attacks. The company confirmed cases involving Chinese and Iranian threat actors. SweetSpecter, a Chinese group, targeted OpenAI employees with phishing emails and used ChatGPT for reconnaissance and social engineering. CyberAv3ngers, an Iranian group, utilized the AI tool for developing scripts, planning post-compromise activities, and exploiting vulnerabilities. Another Iranian group, Storm-0817, employed ChatGPT to create Android malware and supporting infrastructure. These cases demonstrate that generative AI tools can enhance offensive cyber operations, particularly for low-skilled actors, across all stages of an attack.

Date

Published: Oct. 14, 2024, 10:23 a.m.

Created: Oct. 14, 2024, 10:23 a.m.

Modified: Oct. 14, 2024, 10:47 a.m.

Attack Patterns

SugarGh0st RAT

SweetSpecter, CyberAv3ngers, Storm-0817

T1555.001

T1589

T1588

T1587

T1583.003

T1555.003

T1583

T1114

T1056.001

T1555

T1113

T1005

T1590

T1595

T1102

T1592

T1566

T1190

T1059

Additional Information

Technology

Energy

Government

Iran, Islamic Republic of

Jordan

China

Pakistan