Threat actors use ChatGPT to write malware

Oct. 14, 2024, 10:47 a.m.

Description

OpenAI has disrupted over 20 malicious cyber operations abusing ChatGPT for various purposes, including malware development and spear-phishing attacks. The company confirmed cases involving Chinese and Iranian threat actors. SweetSpecter, a Chinese group, targeted OpenAI employees with phishing emails and used ChatGPT for reconnaissance and social engineering. CyberAv3ngers, an Iranian group, utilized the AI tool for developing scripts, planning post-compromise activities, and exploiting vulnerabilities. Another Iranian group, Storm-0817, employed ChatGPT to create Android malware and supporting infrastructure. These cases demonstrate that generative AI tools can enhance offensive cyber operations, particularly for low-skilled actors, across all stages of an attack.

Date

  • Created: Oct. 14, 2024, 10:23 a.m.
  • Published: Oct. 14, 2024, 10:23 a.m.
  • Modified: Oct. 14, 2024, 10:47 a.m.

Indicators

  • stickhero.pro

Attack Patterns

  • SugarGh0st RAT
  • SweetSpecter, CyberAv3ngers, Storm-0817
  • T1555.001
  • T1589
  • T1588
  • T1587
  • T1583.003
  • T1555.003
  • T1583
  • T1114
  • T1056.001
  • T1555
  • T1113
  • T1005
  • T1590
  • T1595
  • T1102
  • T1592
  • T1566
  • T1190
  • T1059

Additional Information

  • Technology
  • Energy
  • Government
  • Iran, Islamic Republic of
  • Jordan
  • China
  • Pakistan