OpenAI Confirms Employee Devices Hacked in Supply Chain Attack
Key Takeaways
- OpenAI confirmed two employee devices were compromised through malicious TanStack library updates
- Attackers stole credentials from internal source code repositories but did not access user data or production systems
- OpenAI is rotating digital certificates as a precaution, requiring macOS users to update the app
OpenAI confirmed Wednesday that hackers compromised two employee devices through a supply chain attack targeting the TanStack open source library. The company says it found no evidence that user data, production systems, or intellectual property were accessed.
The breach is part of a larger attack earlier this week where hackers hijacked several open source projects used by dozens of companies. They pushed updates designed to spread malware, a tactic that lets attackers potentially compromise many targets with a single hack.
What OpenAI Found
According to OpenAI's blog post, attackers gained unauthorized access to "a limited subset of internal source code repositories to which the two impacted employees had access." The company said only "limited credential material" was taken from these repositories.
The affected repositories contained digital certificates used to sign OpenAI's products. As a precaution, the company is rotating these certificates. This change will require macOS users to update the app.
"We have found no evidence of compromise or risk to existing software installations," OpenAI wrote.
The TanStack Attack
TanStack is a popular open source library that helps developers build web apps. On Monday, the project disclosed the attack and published a post-mortem.
The malicious TanStack versions contained malware designed to steal credentials from computers where the software was installed. The malware could also self-propagate to spread to other systems.
A Growing Pattern of Supply Chain Attacks
It's not clear who is behind the TanStack attack. Some past supply chain hacks have been attributed to a hacking gang known as TeamPCP, a group that was itself targeted by other hackers. But multiple groups now use these same tactics.
In March, North Korean hackers hijacked Axios, a popular open source development tool. They pushed malware that could have infected millions of developers. In May, Chinese hackers were accused of a similar attack targeting thousands of Windows computers running Daemon Tools disc imaging software.
Another recent state-linked hacking campaign targeting software users
The appeal of supply chain attacks is simple. Instead of targeting specific companies one by one, hackers take over trusted open source projects. They push malware disguised as routine updates. Developers and companies that depend on these tools unknowingly install the compromised code.
Another critical open source software security vulnerability
What This Means for Developers
The TanStack attack shows how quickly these supply chain compromises can spread. Eighty-four malicious versions were published in just six minutes. The attack was detected within 20 minutes, but that window was enough to compromise devices at OpenAI and likely other organizations.
Companies that use TanStack or other affected libraries should check their dependency versions against the malicious releases identified in TanStack's post-mortem. They should also audit systems for signs of credential theft or lateral movement.
Logicity's Take
Frequently Asked Questions
Was OpenAI user data stolen in the attack?
No. OpenAI says it found no evidence that user data was accessed, that production systems were compromised, or that its software was altered.
What is a supply chain attack?
A supply chain attack targets trusted software that other companies depend on. Instead of attacking companies directly, hackers compromise open source libraries or tools, then push malicious updates that spread to all users of that software.
Do I need to update my OpenAI app?
If you use the OpenAI macOS app, yes. OpenAI is rotating digital certificates as a precaution, which will require users to update the application.
Who was behind the TanStack attack?
It's not clear. Some past supply chain attacks have been attributed to a group called TeamPCP, but multiple hacking groups now use these tactics, including state-sponsored actors from North Korea and China.
Need Help Implementing This?
Source: TechCrunch / Lorenzo Franceschi-Bicchierai
Manaal Khan
Tech & Innovation Writer
اقرأ أيضاً
رأي مغاير: كيف يؤثر اختراق الأمن الداخلي الأميركي على شركاتنا الخاصة؟
في ظل اختراق عقود الأمن الداخلي الأميركي مع شركات خاصة، نناقش تأثير هذا الاختراق على مستقبل الأمن السيبراني. نستعرض الإحصاءات الموثوقة ونناقش كيف يمكن للشركات الخاصة أن تتعامل مع هذا التهديد. استمتع بقراءة هذا التحليل العميق
الإنسان في زمن ما بعد الوجود البشري: نحو نظام للتعايش بين الإنسان والروبوت - Centre for Arab Unity Studies
في هذا المقال، سنناقش كيف يمكن للبشر والروبوتات التعايش في نظام متكامل. سنستعرض التحديات والحلول المحتملة التي تضعها شركات مثل جوجل وأمازون. كما سنلقي نظرة على التوقعات المستقبلية وفقًا لتقرير ماكنزي
إطلاق ناسا لمهمة مأهولة إلى القمر: خطوة تاريخية نحو استكشاف الفضاء
تعتبر المهمة الجديدة خطوة هامة نحو استكشاف الفضاء وتطوير التكنولوجيا. سوف تشمل المهمة إرسال رواد فضاء إلى سطح القمر لconducting تجارب علمية. ستسهم هذه المهمة في تطوير فهمنا للفضاء وتحسين التكنولوجيا المستخدمة في استكشاف الفضاء.