Microsoft: Russia, China, Others Used OpenAI Tools for Hacking

Microsoft has alleged that state-sponsored hacking groups from Russia, China, and other U.S. adversaries have been exploiting OpenAI’s tools to enhance their cyberattack capabilities. According to a report published by Microsoft on Wednesday, these groups have used OpenAI’s language models for various malicious activities, raising concerns about cybersecurity threats as AI technology advances.

Microsoft, in collaboration with OpenAI, took action against several hacking groups, including Charcoal Typhoon, Salmon Typhoon, Crimson Sandstorm, Emerald Sleet, and Forest Blizzard, by disabling their associated accounts. These groups allegedly used OpenAI’s tools for a range of nefarious purposes, from researching cybersecurity tools and phishing content to studying satellite and radar technologies for potential military operations.

Among the accused groups, Charcoal Typhoon and Salmon Typhoon, reportedly backed by China, utilized OpenAI’s language models to enhance their technical operations. Forest Blizzard, linked to Russia’s military intelligence, allegedly used the models to research military technologies potentially related to operations in Ukraine. Emerald Sleet, associated with North Korea, created content for spear-phishing campaigns, while Crimson Sandstorm, allegedly tied to Iran’s Revolutionary Guard, used OpenAI’s tools to assist in crafting phishing emails.

In response to these findings, Liu Pengyu, a spokesperson for China’s U.S. embassy, denied the accusations, stating that China advocates for the safe and controllable use of AI technology to benefit humanity.

Both Microsoft and OpenAI have pledged to improve their defenses against state-sponsored hacking groups. This includes investing in monitoring technologies to detect threats, collaborating with other AI firms, and increasing transparency regarding AI’s potential safety risks.

Tom Burt, head of Microsoft’s cybersecurity, emphasized that the hacking groups were using OpenAI’s tools for basic productivity purposes, similar to legitimate users. He stated, “They’re just using it like everyone else is, to try to be more productive in what they’re doing.”

This report comes after Microsoft disclosed last month that its corporate systems were targeted by the Russian-backed hacking group Midnight Blizzard. Although only a small percentage of corporate email accounts were accessed, including those of senior leadership and employees from cybersecurity and legal teams, Microsoft took the breach seriously.

Microsoft has been active in reporting state-sponsored hacking efforts. Last year, the company revealed that a “China-based actor” breached email accounts of approximately 25 U.S.-based government organizations. Additionally, Microsoft identified infrastructure hacking by the Chinese hacker Volt Typhoon, which included attacks on U.S. military infrastructure in Guam.

The Canadian government has also voiced concerns about hackers utilizing AI to enhance their attacks. Sami Khoury, Canada’s top cybersecurity official, stated that evidence suggested an increase in hackers using AI for malicious purposes, such as developing malware and creating convincing phishing emails. This warning echoes a report by Europol, which highlighted the ability of tools like OpenAI’s ChatGPT to impersonate organizations or individuals realistically.

The U.K.’s National Cyber Security Centre has also raised alarms about the potential risks of AI in cyberattacks. The agency warned that language models could enable cyberattacks beyond their current capabilities.

As the use of AI in cyberattacks evolves, Microsoft, OpenAI, and other organizations are stepping up their efforts to detect and prevent such threats. However, the evolving nature of cyber warfare underscores the importance of ongoing vigilance and collaboration in the cybersecurity space.