
There is growing tension in the global semiconductor ecosystem, as countries race for dominance. The EU is advancing its Chips Act, the US and Taiwan are tightening export restrictions on China, and China is making efforts towards semiconductor self-sufficiency.

Amidst this contest for supremacy, cyber operations are becoming a strategic weapon. State-affiliated actors are targeting critical infrastructure and leveraging AI to enhance their campaigns.

In a recent report, OpenAI revealed that it had disrupted several such operations. Among the identified threat groups were actors linked to China and tracked by Proofpoint as UNK_DropPitch. Their activities were consistent with patterns typically associated with Chinese intelligence units. For example, they used the Chinese language and targeted entities in the US and Taiwan.

DropPitch reportedly used ChatGPT to craft phishing content and refine their exploits. Their targets were major investment firms in Taiwan’s semiconductor industry. They sought help upgrading their Command-and-Control (C2) traffic from HTTP to HTTPS and asked about obfuscation techniques such as renaming functions, modifying headers, and concealing strings.

In addition, they asked the model to automate tasks such as generating email target lists, creating tailored phishing content, and analyzing web data for mass campaigns. When ChatGPT refused their request, they asked whether DeepSeek could assist instead.

Despite these attempts to weaponise AI, the actors’ lack of technical sophistication was evident. Many of the final phishing emails were incoherent. Some emails repeated the same text multiple times in different languages, contained implausible contact details, or included mismatched metadata. In other cases, the malicious attachments had no relation to the email’s message.

This shows that while AI tools can significantly help threat actors with their attacks, there are still limitations. The quality of their results ultimately reflects their own skill level. As Alexis Dorais-Joncas, Senior Manager of Threat Research at Proofpoint, said, “AI used by incompetent people will lead to incompetent results.”

In the broader context of cyberwarfare and geopolitical competition, these developments highlight how threat actors are experimenting with AI to achieve their national objectives.

OpenAI has since disabled all accounts tied to the activity and shared relevant indicators with industry partners to strengthen collective defences.
