Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security

OpenAI Says China-Linked Group Tried to Phish Its Employees (yahoo.com) 21

OpenAI said a group with apparent ties to China tried to carry out a phishing attack on its employees, reigniting concerns that bad actors in Beijing want to steal sensitive information from top US artificial intelligence companies. From a report: The AI startup said Wednesday that a suspected China-based group called SweetSpecter posed as a user of OpenAI's chatbot ChatGPT earlier this year and sent customer support emails to staff. The emails included malware attachments that, if opened, would have allowed SweetSpecter to take screenshots and exfiltrate data, OpenAI said, but the attempt was unsuccessful.

"OpenAI's security team contacted employees who were believed to have been targeted in this spear phishing campaign and found that existing security controls prevented the emails from ever reaching their corporate emails," OpenAI said. The disclosure highlights the potential cybersecurity risks for leading AI companies as the US and China are locked in a high-stakes battle for artificial intelligence supremacy. In March, for example, a former Google engineer was charged with stealing AI trade secrets for a Chinese firm.

This discussion has been archived. No new comments can be posted.

OpenAI Says China-Linked Group Tried to Phish Its Employees

Comments Filter:
  • nothing new (Score:5, Insightful)

    by ole_timer ( 4293573 ) on Wednesday October 09, 2024 @10:32AM (#64851157)
    china has been attacking us for at least two decades, maybe longer
    • I came here to make almost the same comment. Similar thing happened to me at a chip firm two decades ago.
      • by ls671 ( 1122017 )

        I came here to make almost the same comment. Similar thing happened to me at a chip firm two decades ago.

        Me too, China and others phishes everybody at large. I know since I run some mail servers and mail filters with several users.

    • The biggest self-own of the 21st century is how the democratic, free world built up their two main rivals that seek to undermine, divide, outmaneuver, and ultimately destroy them: Russia and China.
      By buying their energy (Russia) and exporting our manufacturing and tech to those countries (China). China has been so ruthless in stealing technology and capabilities, while hugely subsidizing key industries, destroying incumbent companies in the West, it's an utter and complete policy failure that there has been

      • Actually the problem with China was allowing them into the WTO while also allowing them to blatantly ignore all of the rules.

        • Yes! There would be a thousand arguments for throwing them out. Unfortunately China is exerting alot of "influence" on these international organizations like WTO and WHO, which probably means money payments, corruption... but that is hard to prove. Also you always hear the tired old argument that Western companies are afraid of losing access to the big, Chinese market. Not realizing the obvious that China is assimilating the tech through forced partnerships, embracing the foreign companies until it is ready

    • My first sysadmin job was nearly 30 years ago. I worked for Silicon Engineering, nee Sequoia Semiconductor. At that time China had already been delidding and reverse engineering silicon for a decade or more, and was also suspected of actual assaults on technical facilities (like with armed groups with automatic weapons) including Seagate (where I knew some people who told me about being attacked for prototypes.) not sure how that investigation came out.

    • by necro81 ( 917438 )

      china has been attacking us for at least two decades, maybe longer

      Reads a lot like "Oceania has always been at war with Eastasia."

  • If anybody can smell bullshit and fakery from a mile away, it's people who work on ChatGPT.

  • Just flood the model with "Tankman", "Nation of Taiwan", and "Xi the Pooh" so that they corrupt their copy of the model trying to "clean" it.

  • Me too (Score:4, Interesting)

    by CEC-P ( 10248912 ) on Wednesday October 09, 2024 @10:43AM (#64851189)
    Yeah, blocked about 15 this morning because I'm on office 365 admin maintenance duties this week. You aint special. We got a fake USDA request for bid campaign using a fake "gov.us" domain ending that I just eliminated with KQL.
  • by buck-yar ( 164658 ) on Wednesday October 09, 2024 @10:49AM (#64851207)
    Who doesn't get these types of attempts? Maybe a little more directed because of their prominence, but would it make news if someone did this to Microsoft or Google? This seems expected and par for the course.
  • by zuckie13 ( 1334005 ) on Wednesday October 09, 2024 @11:02AM (#64851233)

    On what day of the week/month/year does anyone believe China is not trying to get information on U.S. companies?

  • ... then it's probably time to think about setting up honeypots.

    Let them exfitrate the data. The wrong data. Data that looks right and will take them a long time to learn that it's not, after significant wasted effort.

  • So they are using jam bands to steal info?

  • by laughingskeptic ( 1004414 ) on Wednesday October 09, 2024 @12:10PM (#64851399)
    Hopefully OpenAI did not just pat their security team on the back and they eliminated this worst-practice from their customer ticket handling processes. The #1 way that hackers own companies is by submitting an excellent, exploit laden resume for an IT job. Organizations source these from many sources and too many organizations ultimately workflow down-selected resumes internally as email attachments. Instead the resumes should be posted to a cloud drive and viewed via a browser, with just the link to the cloud drive workflowed. OpenAI needs to make it clear that attachments to support emails are not supported and require people to provide a cloud drive link instead or use a traditional ticketing system instead of email entirely.
  • Did they think they were special? It would be weird to not experience hacking and social engineering at a company like OpenAI.

The "cutting edge" is getting rather dull. -- Andy Purshottam

Working...