SesameOp: The New Backdoor Abusing OpenAI API for C2
Microsoft finds malware using the Assistants API for stealthy command and control. Learn how this espionage tactic works and how to mitigate it.
Beyond the Hype: How the “SesameOp” Backdoor Turns OpenAI into a Stealthy C2 Channel (And How to Fight Back)
In the cybersecurity world, we often talk about attackers “living off the land”—using a victim’s own internal tools (like PowerShell or WMI) to avoid detection. But what happens when they start “living off the trusted service”?
We’re now seeing the answer. Security researchers at Microsoft have uncovered a novel backdoor, dubbed “SesameOp,” that cleverly abuses the OpenAI Assistants API, not for generating text, but as a stealthy, encrypted command-and-control (C2) channel.
This discovery, detailed by both The Hacker News and SecurityWeek, marks a significant evolution in attacker tactics. It turns a universally trusted, high-reputation service into a covert tool for espionage.
Here’s a breakdown of how it works and, more importantly, how you can defend against this new class of threat.
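As an added example (not code from Microsoft’s report or from this newsletter), the Python script below shows the defensive counterpart of the tactic described above: baseline which hosts and processes are expected to call the OpenAI API, alert on every other caller, and note whether the caller used Assistants API paths and polled at a regular interval. The log format, hostnames, process names and allowlist are assumptions, and the log lines are constructed; the API host and path prefixes are the public OpenAI ones.

```python
"""Flag hosts/processes calling the OpenAI API outside an approved baseline.
Added example, not the page's or Microsoft's code. Log format, hostnames and
allowlist are assumptions; the sample log lines are constructed."""

# Assumption: public OpenAI API host and the Assistants API path prefixes.
OPENAI_API_HOST = "api.openai.com"
ASSISTANTS_PREFIXES = ("/v1/assistants", "/v1/threads")

# Constructed proxy log lines: "<epoch> <src_host> <process> <dst_host> <path>"
SAMPLE_LOG = """\
1700000000 dev-laptop-07 code.exe api.openai.com /v1/chat/completions
1700000010 fileserver-02 svchost.exe api.openai.com /v1/threads/thr_x/messages
1700000070 fileserver-02 svchost.exe api.openai.com /v1/threads/thr_x/messages
1700000130 fileserver-02 svchost.exe api.openai.com /v1/threads/thr_x/messages
1700000140 dev-laptop-07 code.exe api.openai.com /v1/chat/completions
1700000200 web-01 nginx example.org /index.html
"""

# Approved baseline (assumption): (host, process) pairs expected to call the API.
ALLOWLIST = {("dev-laptop-07", "code.exe")}

def parse(line):
    ts, src, proc, dst, path = line.split()
    return {"ts": int(ts), "src": src, "proc": proc, "dst": dst, "path": path}

def find_unexpected_api_clients(log_text, allowlist):
    """Return {(host, process): finding} for non-baselined callers of the API.
    Each finding carries the request count, whether Assistants API paths were
    used, and whether the requests were evenly spaced (a polling/beacon hint)."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse(line)
        if e["dst"] != OPENAI_API_HOST or (e["src"], e["proc"]) in allowlist:
            continue
        rec = hits.setdefault((e["src"], e["proc"]),
                              {"count": 0, "assistants_api": False, "ts": []})
        rec["count"] += 1
        rec["ts"].append(e["ts"])
        if e["path"].startswith(ASSISTANTS_PREFIXES):
            rec["assistants_api"] = True
    for rec in hits.values():  # identical gaps between 3+ requests => regular polling
        gaps = [b - a for a, b in zip(rec["ts"], rec["ts"][1:])]
        rec["regular_interval"] = len(gaps) >= 2 and len(set(gaps)) == 1
    return hits

if __name__ == "__main__":
    for (host, proc), r in find_unexpected_api_clients(SAMPLE_LOG, ALLOWLIST).items():
        print(f"ALERT {host} {proc}: {r['count']} requests, "
              f"assistants_api={r['assistants_api']}, regular={r['regular_interval']}")
```

In production the allowlist would come from an observed baseline and the log from the proxy or EDR network telemetry, but the point is the same: a high-reputation destination is not a reason to skip the "who is talking to it, and how often" question.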
Subscribe to SMB Tech & Cybersecurity Leadership Newsletter to keep reading this post and get 7 days of free access to the full post archives.