OpenAI Thwarts China-Linked Phishing Attempt on Employees

OpenAI Says China-Linked Group Tried to Phish Its Employees

OpenAI said it took down some accounts from groups with links to China OpenAI said a group with apparent ties to China tried to carry out a phishing attack on its employees, reigniting concerns that bad actors in Beijing want to steal sensitive information from top US artificial intelligence companies. The AI startup said Wednesday that a suspected China-based group called SweetSpecter posed as a user of OpenAI's chatbot ChatGPT earlier this year and sent customer support emails to staff. The emails included malware attachments that, if opened, would have allowed SweetSpecter to take screenshots and exfiltrate data, OpenAI said, but the attempt was unsuccessful. "OpenAI's security team contacted employees who were believed to have been targeted in this spear phishing campaign and found that existing security controls prevented the emails from ever reaching their corporate emails," OpenAI said. The disclosure highlights the potential cybersecurity risks for leading AI companies as the US and China are locked in a high-stakes battle for Artificial Intelligence supremacy. In March, for example, a former Google engineer was charged with stealing AI trade secrets for a Chinese firm. China's government has repeatedly denied allegations by the US that organisations within the country perpetrate cyberattacks, accusing external parties of organising smear campaigns. OpenAI revealed the attempted phishing attack as part of its latest threat intelligence report, outlining its efforts to combat influence operations around the world. In the report, OpenAI said it took down accounts from groups with links to Iran and China that used AI for coding assistance, conducting research and other tasks. © 2024 Bloomberg LP

OpenAI Says China-Linked Group Tried to Phish Its Employees

OpenAI said a group with apparent ties to China tried to carry out a phishing attack on its employees, reigniting concerns that bad actors in Beijing want to steal sensitive information from top US artificial intelligence companies. The AI startup said Wednesday that a suspected China-based group called SweetSpecter posed as a user of OpenAI's chatbot ChatGPT earlier this year and sent customer support emails to staff. The emails included malware attachments that, if opened, would have allowed SweetSpecter to take screenshots and exfiltrate data, OpenAI said, but the attempt was unsuccessful. "OpenAI's security team contacted employees who were believed to have been targeted in this spear phishing campaign and found that existing security controls prevented the emails from ever reaching their corporate emails," OpenAI said. The disclosure highlights the potential cybersecurity risks for leading AI companies as the US and China are locked in a high-stakes battle for artificial intelligence supremacy. In March, for example, a former Google engineer was charged with stealing AI trade secrets for a Chinese firm. China's government has repeatedly denied allegations by the US that organizations within the country perpetrate cyberattacks, accusing external parties of organizing smear campaigns. OpenAI revealed the attempted phishing attack as part of its latest threat intelligence report, outlining its efforts to combat influence operations around the world. In the report, OpenAI said it took down accounts from groups with links to Iran and China that used AI for coding assistance, conducting research and other tasks.

OpenAI says China-linked group tried to phish its employees

A suspected China-based group posed as a user of ChatGPT and sent customer support emails to staff. OpenAI said a group with apparent ties to China tried to carry out a phishing attack on its employees, reigniting concerns that bad actors in Beijing want to steal sensitive information from top US artificial intelligence companies. The AI startup said Wednesday that a suspected China-based group called SweetSpecter posed as a user of OpenAI's chatbot ChatGPT earlier this year and sent customer support emails to staff. The emails included malware attachments that, if opened, would have allowed SweetSpecter to take screenshots and exfiltrate data, OpenAI said, but the attempt was unsuccessful. "OpenAI's security team contacted employees who were believed to have been targeted in this spear phishing campaign and found that existing security controls prevented the emails from ever reaching their corporate emails," OpenAI said. The disclosure highlights the potential cybersecurity risks for leading AI companies as the US and China are locked in a high-stakes battle for artificial intelligence supremacy. In March, for example, a former Google engineer was charged with stealing AI trade secrets for a Chinese firm. China's government has repeatedly denied allegations by the US that organizations within the country perpetrate cyberattacks, accusing external parties of organizing smear campaigns. OpenAI revealed the attempted phishing attack as part of its latest threat intelligence report, outlining its efforts to combat influence operations around the world. In the report, OpenAI said it took down accounts from groups with links to Iran and China that used AI for coding assistance, conducting research and other tasks.

OpenAI says Chinese gang tried to phish its staff

Claims its models aren't making threat actors more sophisticated - but is helping debug their code OpenAI has alleged the company disrupted a spear-phishing campaign that saw a China-based group target its employees through both their personal and corporate email addresses. The group, which OpenAI says is called SweetSpecter, sent phishing emails that contained a malicious attachment designed to deploy the SugarGh0st RAT malware. The malware had the capability to give the hacker group control over a compromised machine, allowing them to execute arbitrary commands, take screenshots, and exfiltrate data. OpenAI was tipped off of the campaign by what it called a "credible source," and banned associated accounts. The emails were blocked by the company's security systems before reaching the employees. "Throughout this process, our collaboration with industry partners played a key role in identifying these failed attempts to compromise employee accounts," stated [PDF] OpenAI. "This highlights the importance of threat intelligence sharing and collaboration in order to stay ahead of sophisticated adversaries in the age of AI." The company believes that SweetSpecter has also been using OpenAI's services for offensive cyber operations, including reconnaissance, vulnerability research, and scripting support. The ChatGPT-maker downplayed the use of its AI, writing that the threat actor's use of its models did not help it to develop novel capabilities that couldn't be sourced from public resources. The China phishing allegation was raised in a document titled "Influence and cyber operations: an update" in which OpenAI also claimed it has "disrupted more than 20 operations and deceptive networks from around the world that attempted to use our models." The firm's analysis of those efforts is that most "used our models to perform tasks in a specific, intermediate phase of activity - after they had acquired basic tools such as internet access, email addresses and social media accounts, but before they deployed 'finished' products such as social media posts or malware." "Activities ranged in complexity from simple requests for content generation, to complex, multi-stage efforts to analyze and reply to social media posts," detailed OpenAI. The document also found that threat actors "continue to evolve and experiment with our models" but OpenAI has not seen evidence that its tools allowed "meaningful breakthroughs in their ability to create substantially new malware or build viral audiences." But threat actors are finding other uses for Open AI. One threat actor - an outfit named "STORM-0817" - using its tools to debug their code. The AI outfit also "found and disrupted a cluster of ChatGPT accounts that were using the same infrastructure to try to answer questions and complete scripting and vulnerability research tasks." The model-maker has also observed attempts to use its tools to influence elections, usually by creating social media posts or news articles. OpenAI nipped some of those efforts in the bud, but none it saw gained a substantial audience. ®

OpenAI Says China-Backed Phishing Attempt Targeted Employees | PYMNTS.com

OpenAI says hackers connected to the Chinese government attempted a phishing attack on its employees. The artificial intelligence (AI) company revealed the attempt Wednesday (Oct. 9) in a report on its attempts to prevent "the disruptive uses" of its technology. Earlier this year, the report said, OpenAI disrupted a "suspected China-based threat actor" known as "SweetSpecter" as it attempted to spear phish its employees by posing as a ChaptGPT user seeking support. Spear phishing is a type of phishing scam that employs a more targeted approach to getting personal information via email. The report said that those support request emails contained malware designed to steal sensitive information. "OpenAI's security team contacted employees who were believed to have been targeted in this spear phishing campaign and found that existing security controls prevented the emails from ever reaching their corporate emails," the report said. In addition, the report also touches on propaganda efforts to use ChatGPT to influence elections around the world. For example, the company in August disrupted a "covert Iranian influence operation" that generated social media comments and long-form articles about the U.S. election, alongside topics such as the conflict in Gaza, Western policies toward Israel and political issues in Scotland and Venezuela. "So far this year, we have not observed any cases of election-related influence operations attracting viral engagement or building sustained audiences through their use of our models," the report added. The company in February revealed that, working with its partner and largest investor Microsoft, it had blocked five state-affiliated attacks: two connected to China, the others with ties to North Korea, Iran and Russia. OpenAI's latest report came two days after the National Security Agency (NSA) said it was taking part in a larger investigation into whether Chinese hackers have targeted American telecommunications companies. China's embassy in Washington has rejected this claim. This year has seen a number of reports on threats to U.S. critical infrastructure. For example, last month brought the news that a hacking campaign dubbed "Salt Typhoon" was targeting sensitive information and had breached some American internet service providers. This hack involved an incursion into U.S. broadband networks, with cybercriminals establishing a foothold with the network that gave them access to data stored by telecommunications companies or carry out cyberattacks. "This would be an alarming -- but not really surprising -- expansion of their malicious use of cyber to gain the upper hand over the United States," Glenn Gerstell, former general counsel at the NSA, told The Wall Street Journal in September.