Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel
Briefly

"Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised environment," the Detection and Response Team (DART) at Microsoft Incident Response said in a technical report published Monday.
"To do this, a component of the backdoor uses the OpenAI Assistants API as a storage or relay mechanism to fetch commands, which the malware then runs."
Further investigation into the intrusion activity has led to the discovery of what it described as a "complex arrangement" of internal web shells, which are designed to execute commands relayed from "persistent, strategically placed" malicious processes. These processes, in turn, leverage Microsoft Visual Studio utilities that were compromised with malicious libraries, an approach referred to as AppDomainManager injection.
SesameOp is a custom backdoor that leverages the OpenAI Assistants API as a covert command-and-control channel, using the API as storage or a relay to fetch and execute commands. The implant was discovered in July 2025 and was part of an intrusion that maintained persistence for months, suggesting espionage objectives and long-term access. The intrusion used a complex arrangement of internal web shells and persistent malicious processes that abused compromised Microsoft Visual Studio utilities via AppDomainManager injection. The infection chain includes a loader named Netapi64.dll and a .NET-based component. The OpenAI Assistants API is scheduled for deprecation in August 2026 and will be replaced by the Responses API.
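The two pieces of tradecraft in the summary above each leave a host-side trace a defender can hunt for. AppDomainManager injection works by pointing a .NET process at an attacker-supplied AppDomainManager, either through `appDomainManagerAssembly`/`appDomainManagerType` elements in the application's `.exe.config` or through the `APPDOMAIN_MANAGER_ASM`/`APPDOMAIN_MANAGER_TYPE` environment variables, so those settings appearing beside a Visual Studio utility are worth inspecting. C2 over a public API hides in ordinary TLS to a reputable host, so the discriminator is which process is talking, not where it is talking to. The following Python is an added illustration, not code from Microsoft, The Hacker News, or the report; the config files, the `vs-utility.exe` process name and the proxy-log lines are constructed, and `api.openai.com` is assumed to be the public endpoint the Assistants API is served from (the report as quoted here names no domain).

```python
"""Two hunts for the tradecraft described above, on constructed sample data:
(1) .NET config files or environments that install an AppDomainManager, the
    hook that AppDomainManager injection relies on, and
(2) outbound connections to the OpenAI API from processes with no business
    making them, which is the only visible signature of API-as-C2 traffic."""

import xml.etree.ElementTree as ET
from typing import Dict, List, Set, Tuple

# .NET reads these elements from <runtime> in the application's .exe.config;
# the same settings can also be supplied through the environment variables.
CONFIG_ELEMENTS = ("appDomainManagerAssembly", "appDomainManagerType")
ENV_VARIABLES = ("APPDOMAIN_MANAGER_ASM", "APPDOMAIN_MANAGER_TYPE")

# Assumption: the public host the Assistants API is served from. Replace it
# with whatever your proxy logs actually record for this service.
API_HOST = "api.openai.com"


def find_appdomainmanager_settings(config_xml: str) -> Dict[str, str]:
    """Return the AppDomainManager assembly/type a config file installs, or {}.
    Microsoft's own utilities do not normally ship such a setting, so a hit
    beside a Visual Studio tool means the named DLL should be examined."""
    root = ET.fromstring(config_xml)
    runtime = root.find("runtime")
    if runtime is None:
        return {}
    found: Dict[str, str] = {}
    for element in CONFIG_ELEMENTS:
        node = runtime.find(element)
        if node is not None and node.get("value"):
            found[element] = node.get("value")
    return found


def find_appdomainmanager_env(environ: Dict[str, str]) -> Dict[str, str]:
    """Same hook, installed through a process's environment rather than its config."""
    return {k: v for k, v in environ.items() if k.upper() in ENV_VARIABLES}


def flag_unexpected_api_egress(log_lines: List[str], allowed: Set[str]) -> List[Tuple[str, str]]:
    """Scan proxy-log lines of the constructed form
    '<timestamp> <process> <destination-host> <bytes>' and return
    (process, host) for each connection to API_HOST from a process that is
    not on the allowlist. Malformed lines are skipped rather than aborting
    the hunt."""
    hits: List[Tuple[str, str]] = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        process, host = parts[1], parts[2]
        if host == API_HOST and process.lower() not in allowed:
            hits.append((process, host))
    return hits


# Constructed config carrying the injection hook; the assembly and type names
# are placeholders, not indicators from the report.
INJECTED_CONFIG = """<configuration>
  <runtime>
    <appDomainManagerAssembly value="ExampleManager, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <appDomainManagerType value="Example.Manager" />
  </runtime>
</configuration>"""

# Constructed benign config: a runtime section with no manager settings.
CLEAN_CONFIG = """<configuration>
  <runtime>
    <gcServer enabled="true" />
  </runtime>
</configuration>"""

# Constructed proxy-log lines. Only the last one is anomalous: a build-tool
# process (placeholder name) reaching the API host.
SAMPLE_LOG = [
    "2025-07-01T10:00:01Z chrome.exe api.openai.com 5120",
    "2025-07-01T10:00:02Z vs-utility.exe update.microsoft.com 2048",
    "2025-07-01T10:00:03Z vs-utility.exe api.openai.com 731",
]

if __name__ == "__main__":
    print(find_appdomainmanager_settings(INJECTED_CONFIG))
    print(find_appdomainmanager_settings(CLEAN_CONFIG))
    print(flag_unexpected_api_egress(SAMPLE_LOG, {"chrome.exe"}))
```

In practice the config scan runs over every `*.exe.config` under the Visual Studio install and build directories, and the egress check runs over real proxy or EDR network telemetry with the allowlist populated from the processes that legitimately use the API in your environment; the point of keeping the two checks separate is that the config hit identifies the persistence mechanism while the egress hit identifies the live channel.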
Read at The Hacker News