Full Report
OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things. "The [Russian-speaking] actor used our models to assist with developing and refining
Analysis Summary
# Threat Actor: ScopeCreep (Russian-Speaking Actor)
## Attribution & Identity
- **Identification:** A Russian-speaking threat actor identified based on their use of OpenAI models to refine Windows malware.
- **Known Aliases and Associated Groups:** Not explicitly named, but distinct from the Chinese APTs mentioned in the context.
## Activity Summary
The actor used ChatGPT accounts to assist with:
1. Developing and refining Windows malware.
2. Debugging code across multiple languages (including Go, based on evidence).
3. Setting up Command-and-Control (C2) infrastructure.
4. Seeking assistance with integrating the Telegram API and modifying Windows Defender settings via PowerShell commands executed through Go.
The malware campaign itself has been codenamed ScopeCreep by OpenAI. The actor demonstrated knowledge of Windows internals and employed strong operational security (OPSEC) measures. The malware was distributed via a trojanized version of a legitimate video game crosshair overlay tool named **Crosshair X**.
## Tactics, Techniques & Procedures
- **Malware Development:** Used AI models to assist in writing and debugging Windows malware written in Go.
- **Delivery Mechanism:** Distribution via a trojanized, publicly available code repository impersonating "Crosshair X."
- **Initial Access/Infection:** Deployed a malware loader that retrieved and executed further payloads.
- **Privilege Escalation:** Relaunched the process using `ShellExecuteW` to escalate privileges.
- **Defense Evasion:**
  - Used PowerShell to programmatically exclude the malware from Windows Defender scans.
  - Suppressed console windows.
  - Inserted timing delays.
  - Used Base64-encoding to obfuscate payloads.
  - Employed DLL side-loading techniques.
- **Command and Control (C2):** Used SOCKS5 proxies to conceal source IP addresses.
- **Exfiltration:** Harvested credentials, tokens, and cookies stored in web browsers.
- **Reporting:** Sends alerts to a dedicated Telegram channel upon successful compromise.
- **OPSEC:** Used temporary email accounts, engaging in only one conversation per account to make a single incremental improvement to their development code before discarding the account.
## Targeting
- **Sectors:** General targets indicated by the malware's generic spying capabilities (credential/token theft).
- **Geography:** Implied connection to Russia due to the language used by the actors engaging with OpenAI. The malware targets Windows systems globally.
- **Victims:** Unknown specific victims, but the end goal is the compromise of enterprise/personal endpoints to harvest browser data.
## Tools & Infrastructure
- **Malware Families Used:** ScopeCreep (Go-based malware).
- **Infrastructure (C2, domains, IPs):**
  - C2 communication through external servers to retrieve payloads.
  - Use of SOCKS5 proxies for anonymization.
  - Dedicated Telegram channel for reporting compromises.
## Implications
This actor represents a technically capable threat group focused on developing and deploying sophisticated commodity malware (ScopeCreep). Their effective use of AI to refine low-level malware functionality, evade Windows Defender, and maintain high OPSEC suggests a well-resourced operation, even if the specific campaign observed was not widespread.
## Mitigations
- **Endpoint Security:** Implement robust Endpoint Detection and Response (EDR) solutions capable of detecting process injection, anti-AV modifications (like adding Windows Defender exclusions), and unusual PowerShell usage.
- **Application Control:** Limit the execution of unsigned or untrusted executables, particularly those delivered via non-standard software distribution methods (like trojanized game tools).
- **Network Monitoring:** Monitor for outbound connections utilizing SOCKS5 proxies or suspicious communication to unknown external servers.
- **User Security Awareness:** Educate users on the risks of downloading software from untrusted code repositories and of downloads that impersonate legitimate tools.
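
Detection logic for the Defender-exclusion behaviour listed above, added here as an example (it is not code from OpenAI's report or from the malware): it checks process-creation records, shaped like Sysmon Event ID 1 or Security 4688 fields, for PowerShell commands that add Defender exclusions, decoding Base64 `-EncodedCommand` payloads first. The field names, the `EXPECTED_PARENTS` allow-list and the sample events are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Assumption: parents that legitimately manage Defender in this environment.
EXPECTED_PARENTS = {r"c:\program files\examplemgmt\agent.exe"}
# -EncodedCommand and its common abbreviations (-e, -ec, -enc, ...).
ENCODED_ARG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en[a-z]*)\s+([A-Za-z0-9+/=]{8,})")
EXCLUSION = re.compile(
    r"(?i)\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Process|Extension|IpAddress)\b")


def effective_command(cmdline):
    """Append the decoded -EncodedCommand payload (Base64 of UTF-16LE), if any."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return cmdline  # malformed blob: fall back to the raw command line
    return cmdline + " " + decoded


def classify(event):
    """Return None, 'review' or 'alert' for one process-creation record."""
    if not event["image"].lower().endswith(("\\powershell.exe", "\\pwsh.exe")):
        return None
    if not EXCLUSION.search(effective_command(event["command_line"])):
        return None
    return "review" if event["parent_image"].lower() in EXPECTED_PARENTS else "alert"


def _enc(script):
    return base64.b64encode(script.encode("utf-16-le")).decode()


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed records, not from a real incident
    {"parent_image": r"C:\Users\demo\Downloads\overlay-tool.exe", "image": PS,
     "command_line": r"powershell -w hidden -c Add-MpPreference -ExclusionPath C:\Users\demo\AppData"},
    {"parent_image": r"C:\Users\demo\Downloads\overlay-tool.exe", "image": PS,
     "command_line": "powershell -NoProfile -enc " + _enc("Add-MpPreference -ExclusionProcess updater.exe")},
    {"parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "command_line": "powershell -Command Get-MpComputerStatus"},
    {"parent_image": r"C:\Program Files\ExampleMgmt\agent.exe", "image": PS,
     "command_line": r"powershell -Command Set-MpPreference -ExclusionExtension .bak"},
]
RESULTS = [classify(e) for e in SAMPLE_EVENTS]  # ['alert', 'alert', None, 'review']
```

Exclusions can also be written without PowerShell, so pair this with Defender's own configuration-change event (Event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log).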
---
# Threat Actor: Chinese Nation-State Hacking Groups (APT5 & APT15)
## Attribution & Identity
- **Identification:** Two distinct hacking groups attributed to China.
  - **APT5** (Aliases: Bronze Fleetwood, Keyhole Panda, Manganese, UNC2630)
  - **APT15** (Aliases: Flea, Nylon Typhoon, Playful Taurus, Royal APT, Vixen Panda)
- **Known Aliases and Associated Groups:** Listed above.
## Activity Summary
These actors used OpenAI models for research and development support across a broad spectrum, indicating intelligence gathering and infrastructure preparation:
1. **Research:** Engaged on topics related to open-source research on entities of interest and technical subjects (e.g., satellite communications technologies).
2. **Development & Configuration:** Sought assistance with Linux system administration, software development, building software packages for offline deployment, and troubleshooting firewall/name server configurations.
3. **Broader Malicious Activity:**
   - Developed code to brute-force FTP servers.
   - Researched using LLMs to automate penetration testing.
   - Developed code to manage fleets of Android devices for social media automation (posting/liking content on Facebook, Instagram, TikTok, X).
## Tactics, Techniques & Procedures
- **Cyber Espionage/Research:** Used AI for complex technical research and troubleshooting.
- **Infrastructure Setup:** Sought help configuring firewalls and name servers.
- **Offensive Tool Development:** Developed brute-force scripts for FTP servers.
- **Automated Influence Operations:** Developed scripts to manage large groups of compromised Android devices for automated engagement on social media platforms (Facebook, Instagram, TikTok, X).
- **AI Utilization:** Leveraged LLMs to accelerate penetration testing methodology research.
## Targeting
- **Sectors:** General intelligence gathering, aiming at entities of interest, including research into U.S. satellite communications technologies.
- **Geography:** Tied to China-origin activity.
- **Victims:** Specific victims are not named, but the activity points toward intelligence gathering and maintaining long-term operational capabilities (infrastructure setup, Android device management).
## Tools & Infrastructure
- **Malware Families Used:** Focus on infrastructure setup, brute-forcing, and social media automation scripts, rather than deployed malware mentioned in detail.
- **Infrastructure (C2, domains, IPs):** Seeking assistance with system configurations, firewalls, and name servers, implying preparation for C2 structure deployment.
## Implications
The involvement of two significant Chinese APTs highlights the strategic interest nation-states have in leveraging commercial LLMs to speed up cyber operations, spanning from basic server configuration to complex Android fleet management and intelligence research.
## Mitigations
- **Network Security:** Harden public-facing services like FTP servers against brute-force attacks (e.g., MFA, rate limiting).
- **Infrastructure Hardening:** Review firewall and name server configurations for adherence to best practices, particularly regarding offline deployment requirements.
- **Insider Threat/Supply Chain:** Maintain high vigilance over the use of AI tools by personnel involved in development and infrastructure management, as code generated via these tools may contain subtle vulnerabilities or lead to unintended data leakage/research exposure.
---
# Other Malicious Activity Clusters Using OpenAI Models
This section summarizes distinct activity clusters identified by OpenAI, all leveraging LLMs for nefarious purposes:
| Cluster Name | Origin | Malicious Focus | Key TTPs/Deliverables |
| :--- | :--- | :--- | :--- |
| **North Korea IT Worker Scheme** | North Korea | Deceptive employment campaigns. | Developed materials to advance fraudulent IT/software engineering job applications globally. |
| **Sneer Review** | China | Bulk social media influence operations. | Bulk generation of posts in English, Chinese, Urdu on geopolitical topics for Facebook, Reddit, TikTok, X. |
| **Operation High Five** | Philippines | Localized political influence. | Bulk generation of short comments (English, Taglish) targeting Philippine politics on Facebook and TikTok. |
| **Operation VAGue Focus** | China | Social engineering and cyber discussion. | Generating posts impersonating journalists/analysts on X; translating sensitive communications; asking about CNE/exploitation tools. |
| **Operation Helgoland Bite** | Russia | Election interference/disinformation. | Generating Russian language content criticizing the U.S./NATO and focusing on the German 2025 election for Telegram and X. |
| **Operation Uncle Spam** | China | Spreading US political polarization. | Generating polarized content supporting both sides of divisive US topics for Bluesky and X. |
| **Storm-2035** | Iran | Influence operations targeting minority rights. | Generating comments supporting Latino rights, Scottish independence, Irish reunification, Palestinian rights; praising Iran's prowess on X. |
| **Operation Wrong Number** | Cambodia (China-run) | Task Scam syndicates. | Generating recruitment messages in multiple languages (English, Spanish, Swahili, etc.) advertising high pay for trivial tasks, often involving charging joining fees (Task Scam methodology). |