
Rise in Compromised OpenAI ChatGPT Credentials on Underground Markets

More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show.

These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLine stealer.

“The number of infected devices decreased slightly in mid- and late summer but grew significantly between August and September,” the Singapore-headquartered cybersecurity company said in its Hi-Tech Crime Trends 2023/2024 report published last week.

Between June and October 2023, more than 130,000 unique hosts with access to OpenAI ChatGPT were infiltrated, a 36% increase over what was observed during the first five months of 2023. The breakdown by the top three stealer families is below –

LummaC2 – 70,484 hosts

Raccoon – 22,468 hosts

RedLine – 15,970 hosts

“The sharp increase in the number of ChatGPT credentials for sale is due to the overall rise in the number of hosts infected with information stealers, data from which is then put up for sale on markets or in UCLs,” Group-IB said.

The development comes as and OpenAI revealed that nation-state actors from Russia, North Korea, Iran, and are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing operations.

Stating that adversaries can use LLMs to brainstorm new tradecraft, craft convincing scams, and attacks, and improve operational productivity, Group-IB said the could also speed up reconnaissance, execute hacking toolkits, and make scammer robocalls.

“In the past, [threat actors] were mainly interested in corporate computers and systems with access that enabled movement across the network,” it noted. “Now, they also focus on devices with access to public systems.

“This gives them access to logs with the communication history between employees and systems, which they can use to search for confidential information (for espionage purposes), details about internal infrastructure, authentication data (for conducting even more damaging attacks), and information about application source code.”

Abuse of valid account credentials by threat actors has emerged as a top access technique, primarily fueled by the easy availability of such information via stealer.

“The combination of a rise in infostealers and the abuse of valid account credentials to gain initial access has exacerbated defenders' identity and access management challenges,” IBM X-Force said.

“Enterprise credential data can be stolen from compromised devices through credential reuse, browser credential stores or accessing enterprise accounts directly from personal devices.”

Deitasoft © 2024. All Rights Reserved.