Unveiling SesameOp: Covert Command with OpenAI API

By Staff Writer, The CISO Brief, November 4, 2025

Fast Facts

  1. Backdoor Discovery: Researchers from Microsoft’s DART discovered the “SesameOp” backdoor, which uses the OpenAI API for covert command-and-control (C2) communications, allowing attackers to manage compromised environments for long-term espionage.

  2. Innovative Abuse of AI: The backdoor uniquely employs the OpenAI Assistants API as a relay for commands, illustrating how attackers can exploit legitimate AI services instead of building their own infrastructure.

  3. Advanced Techniques: Threat actors utilized advanced methods like payload compression and layered encryption to secure C2 communications, enhancing stealth and persistence of their malicious activities.

  4. Collaborative Response: Microsoft and OpenAI are collaborating to monitor and mitigate threats involving AI technologies, encouraging organizations to review security protocols to prevent misuse and unauthorized access.

A new backdoor uses an OpenAI API for command-and-control (C2) communications to covertly manage malicious activities within a compromised environment, demonstrating a unique way attackers can abuse generative AI services and tooling.

Researchers from Microsoft’s Detection and Response Team (DART) discovered a backdoor dubbed “SesameOp” in July after responding to a security incident in which threat actors lurked undetected in an environment for several months, according to a blog post published Monday by Microsoft Incident Response.

The covert backdoor, designed by threat actors to maintain persistence and allow them to manage compromised devices, is “consistent with the objective of the attack, which was determined to be long-term persistence for espionage-type purposes,” according to the post.

A unique aspect of SesameOp, however, is a component that uses the OpenAI Assistants API as a storage or relay mechanism to fetch commands, which the malware then runs. The API is a tool that allows developers to create custom AI assistants using Azure OpenAI models, enabling features like conversation management and task automation.

“Our investigation uncovered how a threat actor integrated the OpenAI Assistants API within a backdoor implant to establish a covert C2 channel, leveraging the legitimate service rather than building a dedicated infrastructure for issuing and receiving instructions,” according to the post.

The attacker also employed other “sophisticated techniques” in its use of the API to secure and obfuscate C2 communications. These included compressing payloads to minimize size and using both layered symmetric and asymmetric encryption to protect command data and exfiltrated results.

Deliberate Misuse of OpenAI API

Microsoft researchers provided a deep dive into the attack and misuse of OpenAI in the blog post. After DART responded to the July incident, its investigation found a “complex arrangement of internal web shells,” each of which was responsible for running commands relayed from persistent, strategically placed malicious processes, according to the post. 

These processes leveraged multiple Microsoft Visual Studio (VS) utilities that had been compromised with malicious libraries, “a defense evasion method known as .NET AppDomainManager injection,” according to the post.

It was while hunting across other VS utilities that loaded unusual libraries that the investigators discovered additional files capable of facilitating external communications with the internal web shell structure, including SesameOp. The backdoor’s overall infection chain comprises a loader (Netapi64.dll) and a .NET-based backdoor (OpenAIAgent.Netapi64) that leverages OpenAI as a C2 channel, according to the post.

“The dynamic link library (DLL) is heavily obfuscated using Eazfuscator.NET and is designed for stealth, persistence, and secure communication using the OpenAI Assistants API,” according to the post. “Netapi64.dll is loaded at runtime into the host executable via .NET AppDomainManager injection, as instructed by a crafted .config file accompanying the host executable.”
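The crafted .config described above declares an AppDomainManager under the `<runtime>` element, so one defender-side check is to sweep `*.config` files for the `appDomainManagerAssembly` and `appDomainManagerType` settings and report which DLL each host executable has been told to load. This is an added example, not code from the article or from Microsoft’s post; the sample config is constructed (it reuses the Netapi64 and OpenAIAgent.Netapi64 names the article gives, not the real file), and the script does not cover the variant of the technique that sets the same values through environment variables.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
from typing import Dict, List, Optional

# The two <runtime> settings that make the CLR load a custom AppDomainManager from an arbitrary assembly.
SUSPECT_KEYS = ("appDomainManagerAssembly", "appDomainManagerType")

def inspect_config(xml_text: str) -> Optional[Dict[str, str]]:
    """Return the AppDomainManager settings declared in one .config, else None."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None                     # not XML, or truncated: nothing to flag
    runtime = root.find("runtime")
    if runtime is None:
        return None
    found = {}
    for child in runtime:
        tag = child.tag.split("}")[-1]  # tolerate a namespace prefix
        if tag in SUSPECT_KEYS:
            found[tag] = child.get("value", "")
    return found or None

def hunt(root_dir: Path) -> List[Dict[str, str]]:
    """Walk *.config files under root_dir and report each AppDomainManager override."""
    hits = []
    for cfg in sorted(root_dir.rglob("*.config")):
        settings = inspect_config(cfg.read_text(encoding="utf-8", errors="replace"))
        if settings:
            # Display name is "Name, Version=..., ..."; the first token is the DLL base name.
            asm = settings.get("appDomainManagerAssembly", "").split(",")[0].strip()
            hits.append({"config": cfg.name, "dll": asm + ".dll", **settings})
    return hits

# Constructed sample (not the incident's real file): a host.exe.config that points the
# CLR at Netapi64.dll, reusing the loader and backdoor names the article gives.
SAMPLE_CONFIG = """<configuration>
  <runtime>
    <appDomainManagerAssembly value="Netapi64, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <appDomainManagerType value="OpenAIAgent.Netapi64" />
  </runtime>
</configuration>"""

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        Path(d, "host.exe.config").write_text(SAMPLE_CONFIG)
        Path(d, "clean.exe.config").write_text("<configuration><runtime/></configuration>")
        print(hunt(Path(d)))   # only host.exe.config is reported
```

Point `hunt()` at application directories on a suspect host; any override whose assembly is not an expected, signed component deserves a look at the DLL sitting beside the executable.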

Disclosure and Mitigation

Microsoft’s DART informed OpenAI of its findings, and the two companies jointly investigated the misuse of the API. They found that it did not represent a vulnerability or misconfiguration of the tool, “but rather a way to misuse built-in capabilities of the OpenAI Assistants API,” which itself will be phased out in August 2026, according to the post.

OpenAI has since identified and disabled an API key and associated account believed to have been used by the threat actor as part of SesameOp. “The review confirmed that the account had not interacted with any OpenAI models or services beyond limited API calls,” according to Microsoft Incident Response.

Microsoft and OpenAI said they will continue to collaborate to achieve a better understanding of how threat actors misuse emerging technologies so as to disrupt these efforts. Indeed, APIs can hold the keys to the kingdom for generative AI services and applications, and attackers have been quick to misuse and abuse them since the inception of the technology. 

In the meantime, Microsoft Incident Response offered several mitigations for defenders and recommended that organizations frequently audit and review firewalls and web server logs, and be aware of all systems exposed directly to the Internet. 

They also should use a local firewall, intrusion prevention systems, and a network firewall to block C2 server communications across endpoints whenever feasible. “This approach can help mitigate lateral movement and other malicious activities,” according to the post. 

Defenders also should review and configure perimeter firewall and proxy settings to limit unauthorized access to services, including connections through non-standard ports, according to Microsoft.


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.