Microsoft Threat Intelligence wrote in a blog post that hackers are using OpenAI for cyber operations.
“Microsoft and OpenAI have not yet observed particularly novel or unique AI-enabled attack or abuse techniques resulting from threat actors’ usage of AI,” Microsoft wrote. “However, Microsoft and our partners continue to study this landscape closely.”
“Importantly, our research with OpenAI has not identified significant attacks employing the LLMs we monitor closely,” the post added. “At the same time, we feel this is important research to publish to expose early-stage, incremental moves that we observe well-known threat actors attempting, and share information on how we are blocking and countering them with the defender community.”
Some of the threat actors described in the post are Charcoal Typhoon and Salmon Typhoon from China, Crimson Sandstorm from Iran, Forest Blizzard from Russia, and Emerald Sleet from North Korea.
Forest Blizzard often targets organizations “in and related to Russia’s war in Ukraine throughout the duration of the conflict, and Microsoft assesses that Forest Blizzard operations play a significant supporting role to Russia’s foreign policy and military objectives both in Ukraine and in the broader international community.” The group is also involved in researching “various satellite and radar technologies.”
Emerald Sleet is known to impersonate “reputable academic institutions.”
Crimson Sandstorm has been active since at least 2017 and has targeted “defense, maritime shipping, transportation, healthcare, and technology.”
Charcoal Typhoon has a “broad operational scope” across Taiwan, Thailand, Mongolia, Malaysia, France, and Nepal, while Salmon Typhoon targets “US defense contractors, government agencies, and entities within the cryptographic technology sector.”
A similar blog post from OpenAI read, “As is the case with many other ecosystems, there are a handful of malicious actors that require sustained attention so that everyone else can continue to enjoy the benefits. Although we work to minimize potential misuse by such actors, we will not be able to stop every instance. But by continuing to innovate, investigate, collaborate, and share, we make it harder for malicious actors to remain undetected across the digital ecosystem and improve the experience for everyone else.”