• Microsoft warns a key OpenAI API is being exploited to launch cyb

    From TechnologyDaily@1337:1/100 to All on Tue Nov 4 16:15:09 2025
    Microsoft warns a key OpenAI API is being exploited to launch cyberattacks

    Date:
    Tue, 04 Nov 2025 16:03:00 +0000

    Description:
    OpenAI's Assistants API serves as a C2 server, hiding malicious communication in plain sight.

    FULL STORY
    ======================================================================
    - SesameOp malware uses OpenAI's Assistants API as a covert command-and-control channel
    - It enables persistent access, runs commands, and exfiltrates data via encrypted API traffic
    - Microsoft urges firewall audits, tamper protection, and endpoint detection to mitigate threats

    To operate properly, malware needs a way to communicate with its headquarters, the command and control (C2) server. Looking for suspicious communications is one of the usual ways cybersecurity researchers identify malware, which is why crooks go to lengths to hide these conversations in plain sight.

    Recently, security researchers from Microsoft discovered a new piece of malware that uses a creative way of hiding this dialogue, abusing OpenAI's Assistants API, a programming interface that lets developers integrate OpenAI's AI assistant capabilities into their own applications, products, or services.

    "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised environment," the Microsoft Incident Response team said in the report. "To do this, a component of the backdoor uses the OpenAI Assistants API as a storage or relay mechanism to fetch commands, which the malware then runs."

    Used for espionage

    The malware is named SesameOp, and was discovered in July 2025. It grants its attackers persistent access to the compromised environment, as well as usual backdoor capabilities. All of the information grabbed in the attacks is then encrypted and shipped back through the same API channel.

    It is also worth emphasizing this is not a vulnerability in OpenAI's platform, but rather a built-in capability of the Assistants API which is being abused. According to BleepingComputer, the API itself is scheduled for deprecation in August 2026 anyway.

    "The stealthy nature of SesameOp is consistent with the objective of the attack, which was determined to be long-term persistence for espionage-type purposes," Microsoft added.

    Those worried about potential SesameOp malware attacks should audit their firewall logs, enable tamper protection, and configure endpoint detection in block mode. They should also monitor for unauthorized connections to external services.
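
    One way to run the firewall-log audit described above, as an added example that is not from the article or from Microsoft's report: it lists hosts that talk to the OpenAI API without being on an approved list. The log format, host names and allowlist are constructed assumptions, and because the traffic is encrypted the check relies on the destination host name only.

```python
import csv
import io
from datetime import datetime

# Assumption: the Assistants API is reached under this domain; with TLS the
# firewall sees only the destination host, not the request path or body.
WATCHED_SUFFIX = "openai.com"

# Hypothetical allowlist of hosts with a business reason to call the API.
APPROVED_SOURCES = {"ws-dev-01", "ws-dev-02"}

# Constructed sample log: timestamp, source host, destination host, bytes sent.
SAMPLE_LOG = """\
2025-11-04T09:00:01,ws-dev-01,api.openai.com,2310
2025-11-04T09:00:07,srv-web-07,API.OpenAI.com.,880
2025-11-04T09:05:07,srv-web-07,api.openai.com,912
2025-11-04T09:06:30,ws-fin-12,updates.example.net,120
2025-11-04T09:10:08,srv-web-07,api.openai.com,45310
2025-11-04T09:11:00,ws-dev-02,api.openai.com,1500
2025-11-04T09:12:00,ws-fin-12,notopenai.com,300
"""

def is_watched(host):
    """True for openai.com and its subdomains, ignoring case and trailing dot."""
    host = host.strip().lower().rstrip(".")
    return host == WATCHED_SUFFIX or host.endswith("." + WATCHED_SUFFIX)

def unapproved_clients(log_text, approved=APPROVED_SOURCES):
    """Summarise watched-API traffic per source host that is not approved."""
    findings = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip malformed lines rather than abort the audit
        ts, src, dst, sent = row
        if src in approved or not is_watched(dst):
            continue
        when = datetime.fromisoformat(ts)
        f = findings.setdefault(
            src, {"count": 0, "bytes": 0, "first": when, "last": when})
        f["count"] += 1
        f["bytes"] += int(sent)
        f["first"] = min(f["first"], when)
        f["last"] = max(f["last"], when)
    return findings

if __name__ == "__main__":
    for src, f in unapproved_clients(SAMPLE_LOG).items():
        print(f"{src}: {f['count']} connections, {f['bytes']} bytes sent, "
              f"{f['first']} to {f['last']}")
```

    A server that appears here with repeated connections and a growing upload volume is a candidate for closer endpoint investigation, not proof of compromise.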

    Via BleepingComputer




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-warns-a-key-openai-api-is-being-exploited-to-launch-cyberattacks


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)