Tech war: OpenAI says it foiled suspected China-linked phishing attack on employees

The US start-up says SweetSpecter, a suspected China-based group, posed as a ChatGPT user and sent emails to staff with malware attached

Reading Time:1 minute

OpenAI CEO Sam Altman. The start-up says it has thwarted an attempt by a suspected China-linked group to phish its employees. Photo: AFP/Getty Images/TNS

Published: 9:51am, 10 Oct 2024

OpenAI said a group with apparent ties to China tried to carry out a phishing attack on its employees, reigniting concerns that bad actors in Beijing want to steal sensitive information from top US artificial intelligence (AI) companies.

The AI start-up said Wednesday that a suspected China-based group called SweetSpecter posed as a user of OpenAI’s chatbot ChatGPT earlier this year and sent customer support emails to staff.

The emails included malware attachments that, if opened, would have allowed SweetSpecter to take screenshots and exfiltrate data, OpenAI said, but the attempt was unsuccessful.

“OpenAI’s security team contacted employees who were believed to have been targeted in this spear phishing campaign and found that existing security controls prevented the emails from ever reaching their corporate emails,” OpenAI said.

The disclosure highlights the potential cybersecurity risks for leading AI companies as the US and China are locked in a high-stakes battle for artificial intelligence supremacy. In March, for example, a former Google engineer was charged with stealing AI trade secrets for a Chinese firm.

China’s government has repeatedly denied allegations by the US that organisations within the country perpetrate cyberattacks, accusing external parties of organising smear campaigns.