UPDATED 14:21 EST / FEBRUARY 14 2024

SECURITY

Microsoft, OpenAI release new research on state-backed hackers’ use of AI models

Microsoft Corp. and OpenAI have revealed that several state-backed hacking groups are using artificial intelligence large language models to support their cyberattack campaigns.

The companies released their findings in two blog posts published this morning. In conjunction, Microsoft and OpenAI detailed a set of principles that inform their efforts to tackle the use of artificial intelligence by state-backed hackers and other threat actors. The principles cover best practices such as blocking the accounts that hackers create to access LLM-powered chatbots.

The first focus of the companies’ newly published research is a Russian hacking group tracked as Forest Blizzard. According to Microsoft and OpenAI, the group targets organizations in a variety of segments including the defense, energy and transportation sectors. Microsoft determined that Forest Blizzard has been “extremely active in targeting organizations in and related to Russia’s war in Ukraine.”

According to the companies, the group used OpenAI services to research satellite communication protocols and radar imaging technology. Additionally, Forest Blizzard leveraged AI to support its script development efforts. The hackers sought assistance with scripting tasks such as file manipulation and data selection.

As part of their research, Microsoft and OpenAI also tracked the activities of a North Korean hacking group referred to as Emerald Sleet. The companies determined the group has been using spear-phishing emails to gather intelligence from experts on North Korea. Emerald Sleet used OpenAI services to find such experts, develop content that “would likely be for use in spear-phishing campaigns” and research scripting techniques.

Microsoft determined that an Iranian hacking group tracked as Crimson Sandstorm likewise used OpenAI services. According to the company, the group often carries out cyberattacks with malware based on the .NET framework. Crimson Sandstorm used OpenAI services to develop .NET code, as well as research ways of disabling antivirus applications.

In its blog post, Microsoft also shared research about two Chinese state-affiliated hacking groups. The first is tracked as Charcoal Typhoon and is known to have targeted organizations in a variety of industries including the defense sector. According to Microsoft, the hackers have recently been performing “limited exploration” of how LLMs could be used for tasks such as understanding commodity cybersecurity tools.

The second hacking group is tracked as Salmon Typhoon. It’s described by Microsoft as a sophisticated threat actor with a history of targeting organizations in the U.S. defense sector. According to the company, Salmon Typhoon used OpenAI services to troubleshoot code errors, as well as conduct research on intelligence agencies, malware development techniques and other topics.

Alongside their newly published research, Microsoft and OpenAI today detailed a set of principles that will guide their efforts to tackle hackers’ use of AI.

The first principle specifies that the companies will actively seek to prevent threat actors from using their AI services. Their efforts in this area will encompass chatbots such as ChatGPT, as well as application programming interfaces and other offerings. Upon detecting service usage by hackers, OpenAI and Microsoft will take “appropriate action to disrupt their activities, such as disabling their accounts, terminating services, or limiting access to resources.”

The other principles the companies outlined cover a number of related best practices. They plan to share data about state-backed threat actors’ use of AI with other industry players, as well as inform the public about important developments in this area. OpenAI, for its part, added that it will use the data it collects about hacker activity to enhance its AI systems’ safety mechanisms. 
