OpenAI has published a report looking at AI-enabled malicious activity, noting that threat actors are increasingly using AI tools to assist in social engineering attacks and influence operations.
In one case, the company banned ChatGPT accounts that were likely being used in North Korean attempts to fraudulently obtain jobs at US companies.
“Similar to the threat actors we disrupted and wrote about in February, the latest campaigns attempted to use AI at each step of the employment process.
Previously, we observed these actors using AI to manually generate credible, often U.S.-based personas with fabricated employment histories at prominent companies. This time, they attempted some degree of automated generation of resumes, and some indicators suggest operators in Africa posing as job applicants, in addition to recruiting people in North America to run laptops on their behalf.”
OpenAI describes another operation, likely based in China, that abused ChatGPT to create phony social media posts for the purpose of intelligence gathering.
“We banned a small network of ChatGPT accounts that used our models to generate social media posts, analyze datasets, and translate emails and messages that resembled attempts at social engineering from Chinese to English.
"The accounts prompted our models in Chinese and were mostly active during mainland Chinese business hours. They generated messages that purported to come from employees of three geopolitically focused entities: ‘Focus Lens News’, ‘BrightWave Media Europe,’ and ‘Visionary Advisory Group’ (VAG). In addition, the ChatGPT accounts generated text that matched the posts and bios of X accounts associated with these three entities. The threat actors separately described these entities as fronts for intelligence collection and analysis.”
AI-assisted attacks will only grow more sophisticated as the technology improves. New-school security awareness training can help your employees keep up with evolving threats. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
OpenAI has the story.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
