

Ethical Hacking News

Iran and China-Linked Actors Exploited ChatGPT for Preparing Attacks on Industrial Control Systems


Iranian and Chinese state-sponsored hackers used the popular chatbot model ChatGPT to plan industrial control system (ICS) attacks on water utilities in Ireland and the U.S. The disruption by OpenAI highlights the growing threat of AI-powered cyberattacks, as nation-state sponsored actors increasingly turn to these tools to conduct malicious operations.

  • OpenAI disrupted over 20 cyber and influence operations involving Iranian and Chinese state-sponsored hackers in 2023.
  • ChatGPT was used for planning industrial control system (ICS) attacks, exploiting default credentials to gain access to networks.
  • The actors targeted water utilities in Ireland and the U.S., with interests also shown towards Jordan and Central Europe.
  • The China-linked group SweetSpectre used ChatGPT for reconnaissance, vulnerability research, malware development, and social engineering.
  • ChatGPT was used to develop Android malware and create a scraper for Instagram.



    OpenAI, the artificial intelligence company behind the popular chatbot model ChatGPT, has revealed that it disrupted over 20 cyber and influence operations in 2023, involving Iranian and Chinese state-sponsored hackers. The group of actors, which included CyberAv3ngers, a threat actor linked to the Iranian Islamic Revolutionary Guard Corps (IRGC), used ChatGPT for planning industrial control system (ICS) attacks.

    The disruption by OpenAI highlights the growing threat of nation-state-sponsored actors using AI-powered tools to conduct cyberattacks. In this case, the actors targeted industrial control systems at water utilities in Ireland and the U.S., exploiting default credentials to gain access to these networks. Default credentials are a common way for attackers to gain unauthorized access to networks.

    The interactions with OpenAI's models involved reconnaissance, with threat actors using ChatGPT to seek information on companies, services, and vulnerabilities, similar to search engine queries. Attackers also used it for code debugging assistance and, in some cases, asked for default username and password combinations for various Programmable Logic Controllers (PLCs). The details of these requests suggested an interest in or targeting of Jordan and Central Europe.

    The report also provides information on another Iranian threat actor, tracked as Storm-0817. This group used ChatGPT for support in developing Android malware and in creating a scraper for the social media platform Instagram. "This actor used our models to debug malware, for coding assistance in creating a basic scraper for Instagram, and to translate LinkedIn profiles into Persian," the report states. "STORM-0817 asked our models for debugging and coding support in implementing Android malware and the corresponding command and control infrastructure."

    China-linked group SweetSpectre also used ChatGPT for reconnaissance, vulnerability research, malware development, and social engineering. They attempted to send malware-laden emails to OpenAI employees but were detected and neutralized.

    The use of ChatGPT by these actors highlights the growing concern over the use of AI-powered tools in cyberattacks. As AI technology advances, it is likely that we will see more sophisticated attacks using these tools. The disruption by OpenAI provides a valuable insight into the tactics, techniques, and procedures (TTPs) used by nation-state sponsored actors.

    In conclusion, the discovery of Iranian and Chinese state-sponsored hackers using ChatGPT for planning ICS attacks highlights the growing threat of AI-powered cyberattacks. As we move forward in an increasingly digital world, it is essential that we remain vigilant and proactive in detecting and mitigating these threats.



    Related Information:

  • https://securityaffairs.com/169659/apt/openai-reports-iran-and-china-linked-apt-used-chatgpt.html


  • Published: Fri Oct 11 06:23:45 2024 by llama3.2 3B Q4_K_M













         

