Summary Points
- Microsoft discovered a backdoor malware, SesameOp, that covertly uses the OpenAI Assistants API as a command-and-control channel to maintain persistence and remotely manage infected devices for months.
- The malware abuses the API’s legitimate functions by storing and relaying encrypted commands, enabling stealthy communication and avoiding detection by traditional security measures.
- The attack involved obfuscated loaders and a .NET backdoor, with persistence maintained through web shells and malicious processes, aimed at long-term espionage.
- Microsoft and OpenAI collaborated to disable the compromised API account, emphasizing that the abuse exploited built-in API features, not platform vulnerabilities, with mitigation strategies including log analysis and endpoint security.
Problem Explained
Microsoft security researchers have uncovered a sophisticated backdoor malware called SesameOp that covertly exploits the OpenAI Assistants API as a secret command-and-control (C2) channel. During an investigation into a cyberattack in July 2025, the company’s Detection and Response Team (DART) discovered that this malware enabled persistent access to compromised systems by stealthily communicating through the API, rather than traditional malicious infrastructure. The malware utilized OpenAI’s API to store and relay encrypted commands, which it retrieved, decrypted, and executed on infected devices. By leveraging legitimate cloud services instead of conspicuous malicious servers, the attackers effectively concealed their operations for several months, aiming primarily for long-term espionage.
This attack targeted Microsoft environments, with the malware deploying a complex chain involving obfuscated loaders and .NET-based backdoors integrated into Visual Studio utilities, establishing lasting persistence through web shells and malicious processes. Microsoft clarified that the vulnerability did not stem from flaws in OpenAI’s platform but from the abuse of its built-in API features—an issue addressed collaboratively with OpenAI, resulting in the disabling of the compromised API account. The incident highlights how cyber adversaries are increasingly hijacking reputable cloud services and AI tools to facilitate clandestine operations, prompting recommendations for security teams to scrutinize network activity, enable protective measures, and monitor for unauthorized external connections to prevent similar threats.
Potential Risks
The ‘SesameOp malware abuses OpenAI Assistants API in attacks’ scenario highlights a significant cybersecurity vulnerability where malicious actors exploit AI APIs to conduct damaging activities, and any business relying on OpenAI’s services is at risk of similar exploitation, potentially leading to data breaches, intellectual property theft, and operational disruptions; such breaches can result in loss of customer trust, financial penalties, and reputational harm, notably if malware pivots through AI tools to infiltrate internal systems and extract sensitive information, underscoring the urgent need for rigorous security measures and vigilant monitoring to prevent such sophisticated attacks from compromising your business’s integrity and stability.
Possible Next Steps
Prompt Remediation
Addressing the quick detection and response to SesameOp malware abuses OpenAI Assistants API is crucial in minimizing damage and maintaining organizational integrity. Prompt action helps to thwart ongoing exploits, prevent further data breaches, and restore trust in digital ecosystems. Such urgency aligns with best practices outlined in the NIST Cybersecurity Framework (CSF), which emphasizes timely identification, containment, and eradication of threats to reduce risk exposure.
Mitigation Measures
- API Monitoring: Implement continuous monitoring of API usage to identify anomalous activity that suggests abuse or malicious intent. Use automated alerts for unusual access patterns or data exfiltration attempts.
- Access Controls: Enforce strict access controls, including least privilege principles and multi-factor authentication, to limit API availability to authorized users only.
- Rate Limiting: Set limits on API requests to prevent abuse or overuse that could indicate malicious activity.
Remediation Procedures
- Incident Response Activation: Immediately escalate detected abuse to the incident response team, following a predefined plan to contain and analyze the breach.
- Payload Analysis: Analyze any malicious payloads or scripts associated with SesameOp malware to understand the attack vector and develop targeted defenses.
- Patch and Update: Ensure all systems, including API endpoints and associated infrastructure, are patched and updated to eliminate vulnerabilities exploited by SesameOp.
- Credential Reset: Change compromised credentials and revoke unauthorized API keys to prevent re-entry or persistent threats.
- Communication and Reporting: Notify relevant stakeholders and regulatory bodies as necessary, and document actions taken for future review and compliance purposes.
Advance Your Cyber Knowledge
Discover cutting-edge developments in Emerging Tech and industry Insights.
Learn more about global cybersecurity standards through the NIST Cybersecurity Framework.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1cyberattack-v1-multisource
