OpenAI halts nation-state cyber-crews; accounts turned off

OpenAI has shut down five accounts that were allegedly being used by government agents from China, Iran, Russia, and North Korea. According to OpenAI, these accounts were being used to generate phishing emails, write malicious software scripts, and conduct research on evading malware detection. The company, backed by Microsoft, worked with its sponsor to identify and deactivate the accounts. The terminated accounts include two China-affiliated threat actors known as Charcoal Typhoon and Salmon Typhoon, Iran-affiliated Crimson Sandstorm, North Korea-affiliated Emerald Sleet, and Russia-affiliated Forest Blizzard. OpenAI clarified that its models have limited capabilities for conducting malicious cybersecurity tasks and that they make efforts to prevent misuse through filtering requests. Microsoft’s Threat Intelligence team also provided its analysis of the activities carried out by these accounts. Chinese threat actors used OpenAI’s models to research specific companies and intelligence agencies, while Iranian actors sought to evade malware detection and develop phishing attacks. North Korean actors used the AI lab to find information on defense issues and public vulnerabilities, and Russian actors researched open source satellite and radar imaging technology. OpenAI previously downplayed the ability of its models to aid attackers, stating that they perform poorly at crafting exploits for known vulnerabilities.