The company further explained, “While we cannot determine the locations or nationalities of the actors, the activity we disrupted shared characteristics publicly reported about North Korean state efforts to funnel income through deceptive hiring schemes, where individuals fraudulently obtain positions at Western companies to support the regime’s financial network.”
Additionally, OpenAI noted that the perpetrators used social media to recruit individuals willing to lend their identities or host laptops to help job applicants pass background checks. The AI models were even used to prepare responses for technical and behavioral interview questions.
Impact on International Security
The timing of this report aligns with increased efforts by Seoul and Washington to counter North Korea’s deceptive overseas IT operations. These fraudulent activities are believed to be a significant revenue source for the regime’s nuclear and ballistic missile programs.
The banned actors generally used OpenAI’s services for various technical purposes, including querying open-source information, translating content, finding coding errors, and executing basic coding tasks.
Additional Threat Actors Identified
OpenAI’s investigation uncovered multiple cyber threat actors exploiting its services:
- Charcoal Typhoon: Researched companies and cybersecurity tools, debugged code, generated scripts, and created phishing-related content.
- Salmon Typhoon: Translated technical papers, retrieved publicly available intelligence agency data, assisted with coding, and researched methods to obscure processes on a system.
- Crimson Sandstorm: Used AI for web and app development scripting, generated phishing campaign content, and researched malware evasion techniques.
- Emerald Sleet: Identified defense experts and organizations in the Asia-Pacific region, researched vulnerabilities, assisted with scripting, and drafted phishing content.
- Forest Blizzard: Focused on open-source research into satellite communication protocols and radar imaging technology, along with scripting support.
As AI technology advances, so do the risks associated with its misuse.
