PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Chinese Hackers Sent OpenAI Staff Malware in Spear-Phishing Attacks

Hackers have been sending OpenAI employees suspicious zip files containing Windows malware—and using ChatGPT to conduct attacks.

Kate Irwin
 & Kate Irwin Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: Tada Images/Shutterstock.com)

OpenAI was targeted by Chinese cybercriminals who sent malware to OpenAI employees, according to an intelligence threat report the company published on Wednesday.

"We disrupted a suspected China-based threat actor known as 'SweetSpecter' that was unsuccessfully spear phishing OpenAI employees' personal and corporate email addresses," OpenAI says.

The SweetSpecter hackers are also using OpenAI's tools to conduct its operations, according to the company, which said it's banned an unspecified number of accounts it believes are tied to the group. The hackers are reportedly using OpenAI tools for things like "reconnaissance, vulnerability research, scripting support, anomaly detection evasion, and development."

The group previously targeted embassies, ministries, government officials, and other political entities, and aligns with Chinese government interests, according to US cybersecurity firm Palo Alto Networks.

Recommended by Our Editors

Google's Agentic AI Tool Gemini Spark Is Now Available. Here's How to Try It
Google's Agentic AI Tool Gemini Spark Is Now Available. Here's How to Try It
I Used ChatGPT to Build Complex Spreadsheets Fast. Here’s How You Can, Too
I Used ChatGPT to Build Complex Spreadsheets Fast. Here’s How You Can, Too
GitHub Copilot Costs Skyrocket As Users Are Pushed to Per-Token Billing
GitHub Copilot Costs Skyrocket As Users Are Pushed to Per-Token Billing

Here's how the spear-phishing attack works: Hackers sent .zip files to OpenAI staff claiming to detail the sender's "problems," accompanied by a formal email about how they found "shortcomings" in ChatGPT. These emails, however, were blocked from reaching corporate inboxes by OpenAI's internal security systems.

If the zip file was downloaded, a document would appear listing supposed error messages from ChatGPT, when, in the background, "SugarGh0st RAT" Windows malware would assume control over the PC, allowing the hackers to swipe data and access the computer.

These attacks were unsucessful, however, according to OpenAI. They're also separate from a successful breach of an OpenAI Newsroom X account last month, where hackers used the account to promote a fake token drop that was actually a crypto phishing scam that would drain victims' wallets.

Phishing email scams are a real concern for both everyday consumers and employees at tech firms. Phishing attacks can lead to massive corporate data breaches or lost funds and can happen via email, phone, or text. Thankfully, learning about the most common techniques and types of attacks can protect you from falling for phishing scams.

About Our Expert

Kate Irwin

Kate Irwin

Reporter

I’m a reporter for PCMag covering tech news early in the morning. Prior to joining PCMag, I was a producer and reporter at Decrypt and launched its gaming vertical, GG. I have previously written for Input, Game Rant, Dot Esports, and other places, covering a range of gaming, tech, crypto, and entertainment news.

I’ve been a PC gamer since The Sims (yes, the original) in the CD-ROM days. I still think about my first-gen pink iPod mini, which, looking back, was not so mini. In 2020, I finally built my own custom Windows PC for gaming with a 3090 graphics card, but I also regularly use Mac and iOS devices. As a reporter, I’m passionate about documenting the wide world of tech and how it affects our daily lives.

My Areas of Expertise

  • Microsoft
  • Google
  • Artificial intelligence 
  • Cybersecurity
  • Video games are a big one. I specialize in shooters (Apex Legends, Fortnite, Overwatch) but I occasionally test out other genres as well, especially indie games or cozy games (The Sims series, Animal Crossing). 
  • The business and tech that powers video games
  • Cryptocurrency and blockchain technology
  • Social media platforms, including Meta’s apps, X/Twitter, Telegram, TikTok, etc.
  • Tech regulation

The Technology I Use

  • MSI gaming laptops
  • Nvidia graphics cards
  • AMD CPUs
  • MacBook Pro and Air laptops
  • An iPhone from 2019 (though I’m thinking about getting a “dumb phone” like the Light Phone)
  • Nintendo Switch
  • PlayStation 5
  • Freewrite Traveler 
  • At home: Sonos speakers (we have them all over the house), Philips Hue + Ring security products

Read the latest from Kate Irwin

Read full bio