threatintel
actor tracker
AI misuse catalog

Charcoal Typhoon used LLMs for tooling and social-engineering research

2024-02-14Microsoft + OpenAIChatGPT, OpenAI API
CN · China
ChinaVendor label:Charcoal Typhoon
Target reconnaissanceCode assistancePhishing generationTranslation
Primary disclosure (Microsoft + OpenAI)

What they were trying to do

  1. 01

    Research companies and cybersecurity tools to support technical operations

  2. 02

    Develop and debug scripts for tooling

  3. 03

    Generate content for use in social engineering against targets in government, education, communications, and energy sectors

How they did it

Charcoal Typhoon conducted what the disclosure characterises as 'limited exploration of how LLMs can augment their technical operations,' using the model for tooling development, scripting, understanding commodity cybersecurity tools, LLM-refined operational commands, and generating content that could be used to social-engineer targets.

Example queries

Verbatim excerpts from the disclosure — only what the vendor actually published.

Not detailed in the disclosure

What they achieved

Concrete outputs obtained before platform disruption.

  • before disruption

    Technical scripting and tooling development support

  • before disruption

    Understanding of commodity cybersecurity tools

  • before disruption

    Social-engineering content generation

Vendor responseMicrosoft + OpenAI

OpenAI disabled all accounts and assets associated with Charcoal Typhoon.

Full summary

PRC-affiliated intrusion set Microsoft tracks as Charcoal Typhoon (also reported as CHROMIUM) used OpenAI services for research into companies and cybersecurity tools, code debugging, generating phishing-relevant content, and translation tasks. OpenAI disabled the associated accounts.

AI platforms involved

ChatGPTOpenAI API

Related incidents (same country or vendor label)

Source note: Every entry in this catalog is derived from a primary public disclosure by the named platform vendor. This entry cites Microsoft + OpenAI as the primary source. No private, speculative, or non-public claims are presented here.