OpenAI, in collaboration with Microsoft, has shut down accounts associated with five nation-state hacking groups, including those from China, Russia, Iran, and North Korea, amid concerns over potential cyberattacks utilizing large language models (LLMs).
While no significant attacks using LLMs have been identified, state-affiliated hackers are exploring AI technologies to enhance their operational capabilities and evade security controls, according to a joint report by OpenAI and Microsoft.
China-linked threat actors, such as Charcoal Typhoon and Salmon Typhoon, were observed using LLMs for reconnaissance and refining operational techniques, while Russian military intelligence unit Forest Blizzard focused on satellite and radar technologies, possibly for military operations in Ukraine.
North Korean group Emerald Sleet and Iranian group Crimson Sandstorm were also found leveraging LLMs for various purposes, highlighting the broader trend of nation-state actors adopting AI for cyber activities. In response, Microsoft has outlined principles to mitigate the misuse of AI models by state-backed hackers, emphasizing collaboration and transparency in addressing emerging threats.
