OpenAI Blocks North Korean Hacking Groups from Using Chat GPT

OpenAI has made a significant move to curb potential cyber threats by blocking several North Korean hacking groups from using its ChatGPT platform. These malicious actors were attempting to exploit the AI tool to gather intelligence on future targets and devise methods to infiltrate networks.

The revelation came in OpenAI’s February 2025 threat intelligence report, which emphasized that the company identified the accounts betraying “activity potentially associated with publicly reported Democratic People’s Republic of Korea (DPRK)-affiliated threat actors.

Those blocked accounts weren’t operating in a vacuum. According to information from an industry partner, these threat actors engaged in activities consistent with groups like VELVET CHOLLIMA (AKA Kimsuky, Emerald Sleet) and another group identified by a credible source to be linked to STARDUST CHOLLIMA (AKA APT38, Sapphire Sleet).

Use of Chat GPT by Cyber-Groups

The malicious actors utilized ChatGPT for a variety of purposes, including researching cyberattack tools, seeking information on cryptocurrency-related topics—common interests among North Korean state-sponsored threat groups, and even coding assistance for using open-source Remote Administration Tools (RAT).

The exploitation of ChatGPT by these groups serves as a sobering reminder of how AI tools can be used for both benign and malicious purposes. North Korean hacking groups were not only using the platform for research but were also employing it for debugging, researching, and developing publicly available security tools and code. This could have profound implications for industries across the United States, especially those dealing with sensitive infrastructure and financial data.

For instance, imagine a scenario where a major U.S. financial institution is targeted. These groups could potentially use the same tools they researched on Chat GPT to stage attacks, compromising the institution’s security and possibly leading to financial instability. Each discovery by the threat analysts sheds light on the evolving tactics of North Korean cyber-operations and intensifies the need for advanced cybersecurity measures.

The intelligence from these actions reveals potential attack vectors that could affect U.S. infrastructure. For example, research on vulnerabilities in various applications and developing custom malware can disrupt power grids, financial services, and even healthcare systems, posing significant risks across various sectors.

Preemptive Security Measures

The company’s proactive stance didn’t stop there. OpenAI took additional steps, evolving response measures to address the discovered threats. Some of the banned accounts attempted to exploit widely trusted AI models to carry out phishing attacks against cryptocurrency investors and traders. Other identified activities included the sophisticated development and execution of obfuscated payloads, scripting ransomware deployment, and engineering extensive social engineering moments.

“We banned accounts demonstrating activity potentially associated with publicly reported Democratic People’s Republic of Korea (DPRK)-affiliated threat actors,” the report February 2025 report stated.

One of the significant developments from this discovery was sharing insights with the broader cybersecurity community. Specific URLs were submitted to an online scanning service with compiled executable files, providing crucial information for even more comprehensive and diverse initiatives.

This proactive sharing of information with the agency—while affecting North Korea—serves as a protective measure for all participating, safeguarding other hypothetical victims.

The Broader Implications

While the direct threat was identified as being siloed and targeted imperatives, the observation-crucially underlined underscores the higher potential—grassroots initiatives across enemy lines.

In October 2023, OpenAI also disrupted two additional campaigns from China, codenamed “Peer Review” and “Sponsored Discontent,” which used ChatGPT models to link to a surveillance operation and create anti-American content in Spanish. OpenAI, while maintaining transparency, shares meaningful observations—providing tools to combat bickering and to implement intelligence frameworks.

Training Grounds and Succession of Tactics

The scope of this development underscores increased scrutiny on potential patterns with broader cyber-espionage. Events indicate potential framings—how emerging AI functionalities and threat mitigation could enhance cyber landscape.”—a progressive outlook, and effective security practices could corroborate preventive security implementations.

Since the beginning of 2024, the vigil by AI has disrupted over twenty campaigns originating from Iranian and Chinese state-sponsored hackers.”—best practices encapsulate lessons learned could help navigate and combat upcoming financial inheritances.

The latest moves reinforce the significance of vigilance and proactivity. While identifying overt means potential milestones could encompass failures—the voluntary choice—field manipulation tactics.

OpenAI Blocks North Korean Hacking Groups from Using Chat GPT

Introduction

In an effort to mitigate cyber threats, OpenAI took decisive action to block North Korean hacking groups from accessing its ChatGPT platform. This move aims to prevent the malicious exploitation of AI tools, as it was identified that thes groups used the platform for malicious purposes such as targeting future cyberattacks and network infiltration.

---

Key questions and Answers

Q1: Why did OpenAI block North Korean hacking groups from using ChatGPT?

A: OpenAI blocked accounts associated with North korean hacking groups as these groups were exploiting ChatGPT to gather intelligence on potential future cyber-attack targets, develop methods to infiltrate networks, and research on cyberattack tools. The February 2025 threat intelligence report from OpenAI highlighted these suspicious activities as being linked to DPRK-affiliated threat actors. OpenAI’s proactive measure is crucial for preventing misuse of AI tools for malicious intentions and safeguarding sensitive data and infrastructure.

Q2: Which North Korean hacking groups were involved?

A: The report identified activities consistent with groups like VELVET CHOLLIMA (also known as Kimsuky and Emerald Sleet) and STARDUST CHOLLIMA (also known as APT38 and Sapphire Sleet). These groups are known for state-sponsored cyber operations against various targets. [2]

Q3: How were these threats detected and what actions were taken by OpenAI?

A: Through collaboration with industry partners and their threat intelligence operations, OpenAI detected the misuse of their AI platform for malicious activities. OpenAI identified these accounts and implemented account bans to prevent further exploitation. Additionally, they shared critical intelligence, like URLs with compiled executable files, with the broader cybersecurity community to bolster defenses against similar threats. [2]

Q4: What specific malicious activities were these hackers using ChatGPT for?

A: These hacker groups used ChatGPT for various malicious purposes, including researching tools for cyberattacks, gaining insights into cryptocurrency transactions, and seeking assistance in coding open-source Remote Administration Tools (RAT), which can be used to control systems remotely. This demonstrates both the potential and risks associated with broad AI usage.

Q5: What are the broader implications of AI misuse by malicious actors?

A: the case illustrates the dual-use nature of AI tools—not only can they foster innovation and beneficial applications, but they also pose significant security risks if leveraged for malicious purposes. This underscores the need for vigilance and preventive security measures across all industries, particularly those handling critical infrastructure and financial data. Furthermore,it highlights the importance of sharing threat intelligence within the cybersecurity community to mitigate risks and prevent incidents.

---

Preemptive Security Measures

• Use of AI Models for Malicious Activities: There were attempts to use AI models for phishing attacks against cryptocurrency investors and to develop and execute ransomware and social engineering attacks.OpenAI banned accounts demonstrating these malevolent activities.
• Sharing of Threat Intelligence: by sharing their findings and contributing to an online scanning service with executable files, OpenAI aimed to protect not only against the known threats from North Korea but also to bolster defenses against potential future exploits from other actors.
• Continued Vigilance: OpenAI’s efforts exemplify the need for ongoing monitoring and swift response to cyber threats in the rapidly evolving digital landscape.

---

Conclusion

With constant vigilance and proactive measures, companies like OpenAI play a critical role in maintaining cybersecurity and safeguarding technological advancements in AI. This incident serves as a potent reminder of the importance of harnessing AI responsibly and proactively sharing intelligence within the cybersecurity community to protect against evolving threats. As AI continues to advance, collaborative efforts and stringent security protocols will remain vital in mitigating potential abuses.