Darknet ChatGPT Logs: 225,000 entries for accessing sensitive data

Group-IB has found out why the chatbot has become a gold mine for cybercriminals.

According to Group-IB, between January and October 2023, more than 225,000 logs containing compromised ChatGPT user credentials were put up for sale on the darknet. The credentials were found in the logs of the LummaC2, Raccoon, and RedLine infostealers.

Group-IB noted that the number of infected devices decreased slightly in mid- and late summer, but increased significantly between August and September. From June to October 2023, more than 130,000 unique hosts with ChatGPT access were infected, an increase of 36% compared to the first five months of 2023. The distribution across the three main malware families is as follows:

LummaC2 - 70,484 hosts;
Raccoon - 22,468 hosts;
RedLine - 15,970 hosts.

The increase in the number of ChatGPT credentials offered for sale is associated with a general increase in the number of infected hosts, whose data is then sold on the darknet.

[Figure: Group-IB statistics]

Group-IB notes that cybercriminals can use language models to develop new methods of conducting cyberattacks, create convincing phishing emails, and increase operational productivity. The technology can also speed up intelligence gathering, make it easier to use hacking tools, and make fraudulent automated calls more efficient.

Attackers, as a rule, have always been interested in corporate devices and in gaining access that allows them to move around the network. Now hackers' attention is also focused on devices with access to public AI systems. Such access exposes logs of communication between employees and these systems, which can be searched for confidential information, data about internal infrastructure, authentication data, and application source code.
 