Skip to main content

On This Page
← AI News
AI News Cyber Security Malware Analysis

Microsoft Discovers 'SesameOp' Backdoor Leveraging OpenAI API for Stealthy Cyber Operations

2 min read
Share

These articles are AI-generated summaries. Please check the original sources for full details.

Microsoft Discovers ‘SesameOp’ Backdoor Leveraging OpenAI API for Stealthy Cyber Operations

Discovery and Technical Details

Microsoft’s Detection and Response Team (DART) identified SesameOp, a novel backdoor that exploits OpenAI’s Assistants API as a command-and-control (C2) communication channel. Key findings include:

  • Discovery Date: July 2025, during a sophisticated security incident involving prolonged persistence in a target environment.
  • Targeted Goal: Long-term access for espionage, leveraging legitimate tools to evade detection.
  • Components Involved:
    • Loader Component: Netapi64.dll, heavily obfuscated using Eazfuscator.NET for stealth.
    • Backdoor: .NET-based OpenAIAgent.Netapi64, which uses the OpenAI API to fetch and execute encrypted commands.
    • Persistence Mechanism: AppDomainManager injection via a crafted .config file to load Netapi64.dll at runtime.

Mechanism of Operation

SesameOp uses OpenAI’s API as a stealthy relay for malicious activities, bypassing traditional C2 methods. The process involves:

  • Command Retrieval: The backdoor fetches encrypted commands from OpenAI’s Assistants API, which are then decoded and executed locally.

  • Result Transmission: Execution results are sent back to OpenAI as messages, with the description field signaling outcomes:

    • SLEEP: Pauses the process thread for a specified duration.
    • Payload: Extracts and executes code from the instructions field in a separate thread.
    • Result: Sends processed results to OpenAI, marked with the keyword “Result” for the threat actor.

  • Obfuscation and Evasion:

    • Eazfuscator.NET: Used to obfuscate Netapi64.dll, making analysis difficult.
    • Legitimate Tools: Exploits Microsoft Visual Studio utilities and AppDomainManager injection to blend with normal activity.

Implications and Mitigations

  • API Deprecation: OpenAI’s Assistants API will be deprecated in August 2026, replaced by the Responses API, which may reduce future exploitation opportunities.
  • Collaboration with OpenAI: Microsoft shared findings with OpenAI, leading to the disabling of a compromised API key and associated account.
  • Threat Actor Unknown: The perpetrators remain unidentified, but the attack highlights the growing trend of abusing AI APIs for malicious purposes.

Broader Cybersecurity Concerns

  • Stealth and Persistence: The use of legitimate APIs allows attackers to maintain access without triggering traditional security alerts.
  • Evolving Threat Landscape: As AI tools become more integrated, their misuse for C2 channels poses new challenges for detection and response.

For further details, refer to the full report: Microsoft’s Technical Report on SesameOp

Continue reading

Next article

Critical Security Flaws in Microsoft Teams Enable Impersonation and Undetected Message Manipulation

Related Content

Nov 5, 2025

Google Discovers PROMPTFLUX Malware Leveraging Gemini AI for Evasion

Google identifies PROMPTFLUX, a VB Script malware using Gemini AI to rewrite its code hourly for evasion, highlighting rising AI-driven cyber threats and misuse of large language models.

Read article
Oct 31, 2025

Nation-State Hackers Deploy Airstalk Malware in Supply Chain Attack Targeting Enterprise Browsers

Airstalk malware exploits AirWatch APIs for covert C2 communication, targeting enterprise browsers in a suspected supply chain attack linked to a nation-state actor.

Read article
Nov 1, 2025

Konni Hackers Exploit Google Find Hub for Remote Data-Wiping and Multi-Group Cyber Threats

North Korea-linked Konni hackers weaponize Google's Find Hub for remote device wiping, while Lazarus and Kimsuky groups deploy advanced malware in targeted campaigns.

Read article