Microsoft's Azure Cloud Developments: Innovations and Challenges

Published: November 04, 2025
Category: Major Tech Companies
Word Count: 299 words

Full Transcript

Microsoft's security researchers have identified a new backdoor malware named SesameOp, which exploits the OpenAI Assistants API to create a covert command-and-control channel. Discovered during an investigation into a cyberattack from July 2025, this malware enables attackers to maintain persistent access to compromised environments.

It allows for remote management of backdoored devices for extended periods by using legitimate cloud services, avoiding traditional malicious infrastructure that could alert victims to an attack. The Microsoft Detection and Response Team, or DART, reported that the SesameOp malware leverages the OpenAI Assistants API, not through exploiting vulnerabilities but rather by misusing its built-in capabilities.

The malware fetches encrypted commands from the API, which it then decrypts and executes on infected systems. Furthermore, the stolen information is transmitted back through the same API channel, maintaining the stealth of the operation.

The attack chain involved a heavily obfuscated loader and a .NET-based backdoor deployed via .NET AppDomainManager injection into various Microsoft Visual Studio utilities. Persistence is achieved through internal web shells and strategically placed malicious processes aimed at long-term espionage operations.

Microsoft confirmed that collaboration with OpenAI led to the identification and disabling of the account and API key used in these attacks. As the OpenAI Assistants API is scheduled for deprecation in August 2026, the misuse highlights significant security challenges.

Microsoft advises security teams to audit firewall logs, enable tamper protection, configure endpoint detection in block mode, and monitor unauthorized connections to external services to mitigate the impact of such malware attacks.

The stealthy nature of SesameOp aligns with its goal of long-term persistence for espionage purposes, raising concerns about the security of cloud services amidst evolving cyber threats. This situation underscores the ongoing challenges Microsoft faces in securing its Azure cloud platform and maintaining trust among users and businesses relying on its services.
