OpenAI Suspends Accounts of Russian, North Korean, and Chinese Hackers After Misuse of ChatGPT for Malware and Cyberattack Tools

398/68 Friday, October 10, 2025

OpenAI announced that it has suspended accounts linked to three hacker groups that misused ChatGPT to aid in the development of malware and cyberattack tools. One of the groups, a Russian-speaking threat actor, reportedly used the AI model to help build and refine a Remote Access Trojan (RAT) and data-stealing malware by assembling small code snippets into full functionality, an attempt to bypass safeguards that prevent the generation of harmful content. Evidence of this activity was shared in Telegram channels tied to Russian cybercriminal communities.

Another group was traced to North Korea, aligning with known phishing campaigns against South Korean diplomatic entities. They allegedly used ChatGPT to assist in developing malware for command-and-control (C2) operations, creating macOS extensions, configuring Windows Server VPNs, converting Chrome extensions to Safari, and stealing user credentials.

The third group has ties to a Chinese hacking outfit known as UNK_DropPitch (UTA0388), which targeted investment firms and the semiconductor industry in Taiwan. This group reportedly leveraged ChatGPT to craft multilingual phishing emails and develop attack-enhancement tools such as remote execution scripts and HTTPS traffic protection mechanisms.

Beyond these cases, OpenAI also detected ChatGPT being misused in fraud campaigns and disinformation operations across several countries. For example, actors in Cambodia, Myanmar, and Nigeria used AI-generated content on social media to promote investment scams. Meanwhile, accounts linked to the Chinese government reportedly used ChatGPT to analyze online media and generate propaganda narratives aimed at discrediting Western countries.

OpenAI stated it is strengthening monitoring and safeguards to prevent misuse of its technology and is actively collaborating with industry and government partners to develop robust AI security measures.

Source: https://thehackernews.com/2025/10/openai-disrupts-russian-north-korean.html