OpenAI Says Iranian Hackers Used ChatGPT to Plan ICS Attacks


A report published this week by OpenAI reveals that the artificial intelligence company has disrupted more than 20 cyber and covert influence operations since the beginning of the year, including the activities of Iranian and Chinese state-sponsored hackers.

The report highlights the activities of three threat groups that have abused ChatGPT to conduct cyberattacks.

One of these threat actors is CyberAv3ngers, a group linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) that has made headlines this year for its attacks on the water sector.

The group has targeted industrial control systems (ICS) at a water utility in Ireland (the attack left people without water for two days), a water utility in Pennsylvania, and other water facilities in the United States. 

These attacks did not involve sophisticated hacking and instead relied on the fact that many organizations leave ICS exposed to the internet and protected with easy-to-obtain default credentials.

According to OpenAI, accounts associated with CyberAv3ngers used ChatGPT to conduct reconnaissance, but also to help them with vulnerability exploitation, detection evasion, and post-compromise activity.

Many of the reconnaissance activities are related to conducting attacks on programmable logic controllers (PLCs) and other ICS. 

Specifically, the hackers asked ChatGPT for industrial ports and protocols that can connect to the internet; industrial routers and PLCs commonly used in Jordan, as well as electricity companies and contractors in that country; and default passwords for Tridium Niagara devices and Hirschmann RS industrial routers.


In addition to ICS-themed information, the hackers wanted to know about scanning networks for exploitable vulnerabilities, obfuscating malicious code, and accessing user passwords on macOS. 

However, OpenAI’s investigation into the hackers’ activities on ChatGPT showed that “these interactions did not provide CyberAv3ngers with any novel capability, resource, or information, and only offered limited, incremental capabilities that are already achievable with publicly available, non-AI powered tools”.

It’s worth noting that the US government has made public the identities of several alleged members of the Cyber Av3ngers group, offering up to $10 million for information on the hackers. Cyber Av3ngers is believed to be a persona used by the Iranian government to conduct malicious cyber activities, and the group’s members allegedly work for Iran’s military. 

OpenAI’s new report also describes the activities of another Iranian hacker group on ChatGPT: Storm-0817. The group attempted to use the AI service for information that could be used in the development of a piece of malware designed to steal information from Android devices. The threat actor also leveraged the chatbot for assistance in creating an Instagram scraper, and to translate LinkedIn profiles into Persian.

OpenAI has also summarized the activities of China-linked threat actor SweetSpectre, which not only used ChatGPT for reconnaissance, vulnerability research, malware development, and social engineering, but also attempted to send emails delivering malware to OpenAI employees. The malicious emails were blocked before reaching the targeted inboxes, the AI company said. 
