SesameOp backdoor abuses OpenAI Assistants API
Malware Activity
Summary
Hide ▲
Show ▼
The SesameOp backdoor now uses the OpenAI Assistants API as a covert command-and-control channel, giving operators durable remote access inside compromised environments. It can fetch compressed and encrypted commands, decrypt them, and run them on infected systems, which makes the traffic blend into a legitimate cloud service. The malware was tied to a July 2025 intrusion and is built for long-term espionage rather than short-lived disruption.
Related Happenings
Edgecution malicious Microsoft Edge extension backdoor activity
Malware Activity
H score23
First: 24.06.2026 23:58
Last: 24.06.2026 23:58
Sources 1
About this happening:
The **Edgecution** malware is extending a **Microsoft Edge** browser foothold into host-level compromise by abusing **Chrome Native Messaging** and launching a **Python-based back...
Edgecution malicious Microsoft Edge extension backdoor activity
Malware ActivityAbout this happening: The **Edgecution** malware is extending a **Microsoft Edge** browser foothold into host-level compromise by abusing **Chrome Native Messaging** and launching a **Python-based back...
Mistic backdoor attack activity targeting enterprise sectors since April
Malware Activity
H score33
First: 24.06.2026 13:41
Last: 24.06.2026 13:41
Sources 1
About this happening:
The **Mistic** backdoor is being used in **financially motivated attacks** against **insurance, education, IT, and professional services** organizations, giving operators a stealt...
Mistic backdoor attack activity targeting enterprise sectors since April
Malware ActivityAbout this happening: The **Mistic** backdoor is being used in **financially motivated attacks** against **insurance, education, IT, and professional services** organizations, giving operators a stealt...
Backdoor.Turn Microsoft Teams TURN relay malware activity
Malware Activity
H score29
First: 16.06.2026 13:18
Last: 16.06.2026 13:18
Sources 1
About this happening:
**Backdoor.Turn** is a **Go-based RAT** tied to **DragonForce ransomware** operators that hid command-and-control traffic through **Microsoft Teams TURN relay infrastructure** dur...
Backdoor.Turn Microsoft Teams TURN relay malware activity
Malware ActivityAbout this happening: **Backdoor.Turn** is a **Go-based RAT** tied to **DragonForce ransomware** operators that hid command-and-control traffic through **Microsoft Teams TURN relay infrastructure** dur...
Major U.S. services company hit by ransomware attack linked to DragonForce
Incident
H score38
First: 16.06.2026 13:18
Last: 16.06.2026 13:18
Sources 1
About this happening:
A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
Major U.S. services company hit by ransomware attack linked to DragonForce
IncidentAbout this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
AI-driven worm reasons at runtime and self-replicates across a 33-host test network
Technical Analysis
H score40
First: 09.06.2026 14:59
Last: 09.06.2026 14:59
Sources 1
About this happening:
Researchers demonstrated a **proof-of-concept AI-driven worm** that reasons at runtime and self-replicates, showing adaptive host-to-host spread across a **33-host** vulnerable te...
AI-driven worm reasons at runtime and self-replicates across a 33-host test network
Technical AnalysisAbout this happening: Researchers demonstrated a **proof-of-concept AI-driven worm** that reasons at runtime and self-replicates, showing adaptive host-to-host spread across a **33-host** vulnerable te...
Timeline
-
03.11.2025 20:35 2 articles · 8mo ago
Microsoft researchers uncover SesameOp backdoor abusing OpenAI Assistants API
Initial DisclosureMicrosoft security researchers and DART discovered SesameOp during an investigation into a July 2025 cyberattack. The backdoor uses the OpenAI Assistants API as a covert command-and-control channel to fetch compressed and encrypted commands, decrypt and execute them on infected systems, and return harvested information through the same API. Microsoft said the malware does not exploit a vulnerability or misconfiguration in OpenAI's platform, and Microsoft and OpenAI disabled the account and API key used in the attacks while advising defenders to audit firewall logs, enable tamper protection, configure endpoint detection in block mode, and monitor unauthorized external connections.
Show sources
- Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks — www.bleepingcomputer.com — 03.11.2025 20:35
- OpenAI Assistants API Exploited in 'SesameOp' Backdoor — www.infosecurity-magazine.com — 04.11.2025 17:00