Charcoal Typhoon

Threat Actor Profile Updated 24 days ago
Charcoal Typhoon, a China-affiliated threat actor, has been identified as one of the state-backed groups using OpenAI's ChatGPT for malicious purposes. The group is known for focusing on tracking groups in Taiwan, Thailand, Mongolia, Malaysia, France, Nepal, and individuals globally that oppose China's policies. In recent operations, Charcoal Typhoon used ChatGPT to research various companies and cybersecurity tools, debug code and generate scripts, and create content likely for use in phishing campaigns. Their interaction with large language models (LLMs) indicates an intent to augment their technical operations.

OpenAI, in collaboration with Microsoft Threat Intelligence, disrupted hacking attempts from five state-affiliated malicious actors, which included Charcoal Typhoon and another China-linked group, Salmon Typhoon. The other groups were Crimson Sandstorm from Iran, Emerald Sleet from North Korea, and Forest Blizzard from Russia. These attacks were based on OpenAI’s ChatGPT, the same technology behind Microsoft’s Copilot, in which Microsoft has invested $13 billion.

The utilization of AI services by these groups ranged from researching specific technologies, platforms, and vulnerabilities to generating content for spear-phishing campaigns and debugging code. However, despite the potential for AI to supercharge coding or develop new techniques for evading detection, such serious advances have not yet been observed. The focus so far appears to be on preliminary information-gathering stages and enhancing existing strategies.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Chromium
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Charcoal Typhoon Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | 10 months ago | Global hacking campaign launched by Chinese hacking operation |
| CERT-EU | 3 months ago | Microsoft, OpenAI move to fend off genAI-aided hackers — for now |
| InfoSecurity-magazine | 3 months ago | Microsoft, OpenAI Confirm Nation-States are Weaponizing Generative AI |
| CERT-EU | 9 months ago | Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign |
| Securityaffairs | 3 months ago | Nation-state actors are using AI services and LLMs for cyberattacks |
| CERT-EU | 3 months ago | OpenAI, Microsoft crack down on hackers using ChatGPT \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | 3 months ago | Microsoft, OpenAI move to fend off genAI-aided hackers — for now |
| BankInfoSecurity | 3 months ago | OpenAI and Microsoft Terminate State-Backed Hacker Accounts |
| DARKReading | 3 months ago | Microsoft, OpenAI: Nation-States Are Weaponizing AI in Cyberattacks |
| DARKReading | 2 months ago | Threat Report: Examining the Use of AI in Attack Techniques |