Forensic Summary
Threat actors are registering fraudulent OpenAI tenants impersonating legitimate companies and inviting employees to join them, in a campaign dubbed 'Poisoned Tenant' by Push Security. The attack exploits OpenAI's legitimate invitation infrastructure, making phishing emails appear authentic as they pass all email authentication checks. The goal appears to be tricking employees into submitting sensitive corporate information via ChatGPT chats and projects within the attacker-controlled workspace.
Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/poisoned-tenant-attack-abuses-openai-workspaces-to-target-cybersecurity-firms/
Top comments (0)