{ "name": "Threat actors use ChatGPT to write malware", "slug": "threat-actors-use-chatgpt-to-write-malware", "description": "OpenAI has disrupted over 20 malicious cyber operations abusing ChatGPT for various purposes, including malware development and spear-phishing attacks. The company confirmed cases involving Chinese and Iranian threat actors. SweetSpecter, a Chinese group, targeted OpenAI employees with phishing emails and used ChatGPT for reconnaissance and social engineering. CyberAv3ngers, an Iranian group, utilized the AI tool for developing scripts, planning post-compromise activities, and exploiting vulnerabilities. Another Iranian group, Storm-0817, employed ChatGPT to create Android malware and supporting infrastructure. These cases demonstrate that generative AI tools can enhance offensive cyber operations, particularly for low-skilled actors, across all stages of an attack.", "published": "2024-10-14T08:23:31+00:00", "created_at": "2024-10-14T08:23:31+00:00", "modified_at": "2024-10-14T08:47:00+00:00", "created_at_opencti": "2024-10-14T08:23:31+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-10-14", "chatgpt", "cyber operations", "openai", "reconnaissance", "social engineering", "spear-phishing", "sugargh0st rat", "threat actors" ], "related_entities": { "observables": [ { "id": "", "name": "stickhero.pro" } ], "malware": [ { "id": "legacy:malware:9a1005c352f48bf1", "name": "SugarGh0st RAT", "slug": "sugargh0st-rat" } ], "intrusion_sets": [ { "id": "4243936f-018e-46f6-ba1b-04ef82c9a6a0", "name": "SweetSpecter, CyberAv3ngers, Storm-0817", "slug": "sweetspecter-cyberav3ngers-storm-0817" } ], "attack_patterns": [ { "id": "759720f6-8f0f-4017-ab21-7ac30d0bf46f", "name": "T1555.001" }, { "id": "2969e5a7-1049-4df8-b1ba-8a0675de6b94", "name": "T1589" }, { "id": "7616ff60-a18f-4663-9824-b889aa01c8ce", "name": "T1588" }, { "id": "5e3b3612-8bf8-46e1-943e-b4c1524bef11", "name": "T1587" }, { "id": "320df345-a473-4f17-9588-6cd021c14bd3", "name": "T1583.003" }, { "id": "b7ba0db0-7d4f-436f-8d5f-c431d690b048", "name": "T1555.003" }, { "id": "1e043fe4-2413-4b8e-887c-0fe45d095a24", "name": "T1583" }, { "id": "5bab4974-1fc2-4144-b093-28ebcb8767dc", "name": "T1114" }, { "id": "667462db-9031-48eb-893a-05d35f9330a7", "name": "T1056.001" }, { "id": "a72b6e11-a5d5-4f5a-8f0d-8861e90c34f7", "name": "T1555" }, { "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed", "name": "T1113" }, { "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74", "name": "T1005" }, { "id": "5dee2969-7083-430e-9083-73bab54c3a18", "name": "T1590" }, { "id": "d570881a-1f73-41ca-ad6c-fc29256c76f9", "name": "T1595" }, { "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d", "name": "T1102" }, { "id": "29f7ff93-033b-4f8d-8691-5bcaa438c80f", "name": "T1592" }, { "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d", "name": "T1566" }, { "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62", "name": "T1190" }, { "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221", "name": "T1059" } ], "others": [ { "id": "", "name": "Iran, Islamic Republic of" }, { "id": "", "name": "Jordan" }, { "id": "", "name": "China" }, { "id": "", "name": "Pakistan" }, { "id": "", "name": "Technology" }, { "id": "", "name": "Energy" }, { "id": "", "name": "Government" } ] }, "external_refs": [ "https://www.bleepingcomputer.com/news/security/openai-confirms-threat-actors-use-chatgpt-to-write-malware/", "https://otx.alienvault.com/pulse/670cf1231ab27b6fa4148e6d" ] }