Singapore-based cybersecurity provider Group-IB has identified that more than 225,000 logs containing compromised OpenAI ChatGPT credentials were up for sale on the dark web between January and October 2023.
These credentials were found within the logs of information-stealing malware, LummaC2, Raccoon, and RedLine.
Group-IB’s analysis revealed that the majority of the logs containing ChatGPT accounts were breached by the LummaC2 information stealer amounting to 70,484 devices followed by Raccoon (22,468) and RedLine (15,970).
"The number of compromised hosts with access to ChatGPT between June 2023 and October 2023 was more than 130,000, an increase of 36 percent compared to the preceding five-month period (January-May 2023)," Group-IB said in its Hi-Tech Crime Trends 2023/2024 report.
Underground LLM tools
With the increased misuse of ChatGPT and the development of underground large language model (LLM) tools, Group-IB's CEO Dmitry Volkov said, "the potential for sophisticated attacks has escalated, compounded by the alarming surge in compromised ChatGPT credentials."
Threat actors have been using LLMs to develop malware, brainstorm new tactics, techniques, and procedures, compose convincing text to be used in social engineering attacks, and also increase their operational productivity.
Recently, Microsoft and OpenAI also revealed in a security blog post that cybercrime groups, nation-state threat actors and other adversaries linked with Russia, North Korea, Iran, and China are exploring and testing different artificial intelligence (AI) and large language models (LLM) tools to perform malicious cyber activities.
"While research with OpenAI has not identified significant attacks employing the LLMs, we are closely monitoring to expose early-stage, incremental moves attempted by threat actors," Microsoft said.
The partners recommend healthy practices such as multi-factor authentication (MFA) and Zero Trust defences to mitigate such attempts.
