Charcoal Typhoon

Charcoal Typhoon, a China-affiliated threat actor, has been identified as one of the state-backed groups using OpenAI's ChatGPT for malicious purposes. The group is known for focusing on tracking groups in Taiwan, Thailand, Mongolia, Malaysia, France, Nepal, and individuals globally that oppose China's policies. In recent operations, Charcoal Typhoon used ChatGPT to research various companies and cybersecurity tools, debug code and generate scripts, and create content likely for use in phishing campaigns. Their interaction with language learning models (LLMs) indicates an intent to augment their technical operations. OpenAI, in collaboration with Microsoft Threat Intelligence, disrupted hacking attempts from five state-affiliated malicious actors, which included Charcoal Typhoon and another China-linked group, Salmon Typhoon. The other groups were Crimson Sandstorm from Iran, Emerald Sleet from North Korea, and Forest Blizzard from Russia. These attacks were based on OpenAI’s ChatGPT, the same technology behind Microsoft’s Copilot, in which Microsoft has invested $13 billion. The utilization of AI services by these groups ranged from researching specific technologies, platforms, and vulnerabilities to generating content for spear-phishing campaigns and debugging code. However, despite the potential for AI to supercharge coding or develop new techniques for evading detection, such serious advances have not yet been observed. The focus so far appears to be on preliminary information-gathering stages and enhancing existing strategies.