OpenAI revealed in its latest report that the use of artificial intelligence is not limited to just positive benefits, but also extends to criminal activities that threaten cybersecurity. The report indicates that the AI chatbot program ChatGPT has become a useful tool for internet criminals, who use it to write code and develop malware, reflecting a new shift in cyber attack methods.
According to the report titled “Impact and Cyber Operations: Update,” more than twenty malicious cyber operations have been reported since the beginning of 2024, with ChatGPT being exploited in various online attacks, including phishing and social engineering. The report shows how internet criminals leverage the natural language processing capabilities provided by ChatGPT to accomplish tasks that usually require high technical skills, making it easier for them to carry out attacks.
The first documented case of artificial intelligence being used in cyber attacks dates back to April 2024, when cybersecurity company Proofpoint identified the Chinese cyber espionage group “TA547,” also known as “Scully Spider,” which deployed malware created by artificial intelligence. This was followed by a report from HP Wolf Security in September, which highlighted script programs created by artificial intelligence being used in multi-step attacks targeting users in France.
One of the prominent cases involves the “SweetSpecter” group, which targeted Asian governments and sent phishing emails containing malicious ZIP files to OpenAI employees. This group used ChatGPT to analyze security vulnerabilities and search for weaknesses in systems.
In another case, the Iranian group “CyberAv3ngers” used ChatGPT to find credentials for industrial control devices, highlighting the potential risks facing critical infrastructure.
In response to these threats, OpenAI took immediate action by shutting down accounts associated with these activities and sharing information about breach indicators with cybersecurity partners. The company is also working to enhance its monitoring systems to detect suspicious patterns that may indicate malicious behavior, aiming to protect its platform from further exploitation in criminal activities.
