OpenAI has done some housekeeping and kicked out hacker groups using ChatGPT to develop malware and other malicious tools. Accounts likely operated by Russian-speaking threat actors and two Chinese state-sponsored hacking groups have been removed.
OpenAI explains in a report that it wasn’t just fighting back against hacking groups. This was a consolidated effort to rid ChatGPT of malicious uses altogether. Abusive activities targeted included social engineering, cyber espionage, deceptive employment schemes, covert influence operations, and scams. Beyond the aforementioned hacking groups, OpenAI also banned accounts likely used to carry out task scams from Cambodia, comment spamming originating in the Philippines, and covert influence operation attempts from Russia and Iran.
The Russian hacking group was allegedly working on Windows malware and using ChatGPT to refine it, as well as to set up its command-and-control (C2) infrastructure. The group used temporary email accounts to access the chatbot, and used each account for only one conversation before moving on.

This campaign has been codenamed ScopeCreep by OpenAI. There’s no evidence that the malicious activity is widespread at the moment. However, the hackers distributed the malware by impersonating a popular crosshair overlay tool called Crosshair X, infecting anyone who downloads the trojanised copy. As more potential victims are tricked into downloading the wrong version, the malicious activity can spread.
Chinese hacking groups APT5 and APT15 were also spotted using ChatGPT for nefarious purposes. One group used the chatbot to modify scripts and troubleshoot system configurations, and the other for software development and infrastructure setup.
Chinese hackers also used ChatGPT to work on a brute-force script that can hack FTP servers, attempt to automate penetration testing, and develop a tool to manage multiple Android devices to programmatically post content on social media platforms.