Researchers from Microsoft’s Detection and Response Team (DART) have identified a sophisticated backdoor, dubbed SesameOp. This malware uniquely utilizes the OpenAI Assistants API for command and control (C2) communications. Unlike conventional methods, SesameOp stealthily misuses OpenAI to send and receive commands within compromised systems.
Overview of SesameOp
Discovered in July 2025, SesameOp was part of an intricate security incident. Threat actors had infiltrated the environment months before the detection took place. During their investigation, DART uncovered a network of internal web shells that executed commands from strategically placed malicious processes.
Technical Insights
SesameOp employs advanced evasion techniques, including the .NET AppDomainManager injection. This is achieved through the exploitation of compromised Microsoft Visual Studio utilities integrating malicious libraries. The infection begins with a loader named Netapi64.dll, which utilizes the OpenAI API to establish a covert communication channel.
- Loader: The
Netapi64.dllfile is heavily obfuscated, designed for stealth and persistence. - Encryption: Communicates using sophisticated encryption methods ensuring data privacy.
- Command Execution: The backdoor fetches commands from the OpenAI API, decrypts them, and executes them locally.
Operation Process
At its start, the backdoor creates a mutex to prevent multiple instances and generates a temporary marker file. It checks for specific configuration settings, including proxy information. Then it queries the OpenAI Assistants API to retrieve necessary command information using a hardcoded API key.
The payload sent back comprises encrypted and compressed results, ensuring that executed commands remain hidden from detection. SesameOp can create new Assistants within the OpenAI platform, disguising its activities effectively.
Threat Mitigation and Recommendations
To counter the SesameOp threat, organizations are advised to adopt the following measures:
- Regularly audit firewall and web server logs.
- Utilize intrusion prevention systems to block unauthorized communications.
- Enable tamper protection in Microsoft Defender for Endpoint.
- Run endpoint detection in block mode to stop malicious activity.
- Enforce cloud-delivered protection to adapt to new threats.
Collaboration with OpenAI
Microsoft has worked alongside OpenAI to identify and deactivate the account linked to the backdoor’s misuse of their API. This collaboration focuses on enhancing understanding and disruption of such threats in evolving technological contexts.
Conclusion
SesameOp highlights the necessity of vigilant cybersecurity practices, particularly as threat actors adapt to new technologies. Ongoing research and community collaboration will be essential to thwart similar attempts in the future.
