Chinese Hackers Attempt to Phish OpenAI Employees; CCP Hackers Fail

According to a threat intelligence report released on Wednesday, October 9th, by the artificial intelligence company OpenAI, cybercriminals affiliated with the Chinese Communist Party (CCP) are targeting OpenAI in an attempt to deliver malicious software to its employees through phishing.

OpenAI disclosed that earlier this year, a group suspected to be CCP hackers under the alias “SweetSpecter” impersonated a ChatGPT user and sent support emails to OpenAI staff. ChatGPT is a chatbot developed by OpenAI. These emails contained malicious software attachments that, if opened, would allow “SweetSpecter” to capture screenshots and steal data, although the phishing attempt was unsuccessful.

“We blocked a suspected Chinese (CCP) threat actor named ‘SweetSpecter’, successfully preventing their spear-phishing attack against the personal and corporate email addresses of OpenAI employees,” the report stated.

“OpenAI’s security team reached out to employees believed to have been targeted in this spear-phishing activity, finding that existing security controls prevented the emails from reaching their corporate emails,” the report added.

This latest report highlights the potential cybersecurity risks faced by leading AI companies in the United States. In March of this year, a former Google engineer was accused of stealing Google’s AI trade secrets for a Chinese company.

OpenAI mentioned that the hackers behind SweetSpecter also utilized tools provided by OpenAI for activities such as “reconnaissance, vulnerability research, scripting support, evasion of anomaly detection, and development.”

OpenAI has banned several accounts associated with this hacker group, although the exact number is undisclosed.

According to the U.S. cybersecurity company Palo Alto Networks, the SweetSpecter hacker group acts in the interest of the CCP government and has previously targeted embassies, government departments, government officials, and other political entities.

While the CCP government has repeatedly denied allegations of cyberattacks originating from within its borders against the U.S., mounting evidence suggests that cyberattacks linked to China have been on the rise.

PCMag explains that the phishing attacks by the CCP hackers SweetSpecter involved sending compressed (.zip) files to OpenAI employees in emails disguised as the kind of common “issue” reports the recipients encounter, accompanied by a formal message explaining how the sender had found “shortcomings” in ChatGPT.

However, these emails were all blocked by OpenAI’s internal security systems and never reached the company’s mailboxes.

PCMag further indicates that downloading the attached compressed file would bring up a document detailing purported error messages from ChatGPT, while the “SugarGh0st RAT” Windows malware would attempt to take control of the computer in the background, allowing the hackers to steal data and access the machine.