OpenAI has terminated accounts linked to 10 malicious campaigns that exploited ChatGPT for various nefarious activities, including fake IT worker schemes, disinformation operations, malware development, and social engineering attacks targeting organizations worldwide. The AI company’s threat intelligence report reveals that nearly half of these operations likely originated from China, with additional campaigns attributed to Russian and North Korean-linked actors who leveraged the language model to enhance their cyber capabilities and reach.
Among the most notable operations were fake IT worker campaigns consistent with North Korean schemes, where threat actors used ChatGPT to craft sophisticated application materials for remote software engineering positions. These campaigns went beyond creating fake personas with fabricated employment histories, expanding to auto-generate resumes and establish recruiting networks that included operators in Africa posing as job applicants and individuals in North America running laptop farms. The activities mirror previously documented cases where North Korean operatives infiltrated US companies to generate revenue while maintaining access to corporate networks.
Russian-backed accounts were caught using ChatGPT to generate German-language disinformation content about Germany’s 2025 election, distributing propaganda through Telegram channels and social media platforms with tens of thousands of followers. In a particularly sophisticated operation, a Russian-speaking individual used ChatGPT to develop Windows malware called ScopeCreep, employing careful operational security practices by using temporary email addresses and limiting each account to a single conversation about incremental code improvements. The malware, designed to steal browser credentials and tokens, was distributed through a fake gaming tool repository but ultimately saw only limited adoption.
Chinese government-backed operators represented the largest segment of malicious activity, with accounts linked to APT5 and APT15 using ChatGPT to generate massive volumes of social media content across platforms like TikTok, Facebook, and Reddit. The content focused primarily on Taiwan, American politics, and pro-Chinese Communist Party narratives in both English and Chinese. These operators also leveraged the AI for technical support including open-source research, script development, system troubleshooting, and infrastructure setup involving VPNs, Docker containers, and reconnaissance frameworks, though OpenAI noted the assistance didn’t provide capabilities beyond publicly available resources.