"State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly sophisticated espionage campaign" in mid-September 2025. "The attackers used AI's 'agentic' capabilities to an unprecedented degree - using AI not just as an advisor, but to execute the cyber attacks themselves," the AI upstart said. The activity is assessed to have manipulated Claude Code, Anthropic's AI coding tool, to attempt to break into about 30 global targets spanning large tech companies, financial institutions, chemical manufacturing companies, and government agencies. A subset of these intrusions succeeded. Anthropic has since banned the relevant accounts and enforced defensive mechanisms to flag such attacks."
"The campaign, GTG-1002, marks the first time a threat actor has leveraged AI to conduct a "large-scale cyber attack" without major human intervention and for intelligence collection by striking high-value targets, indicating continued evolution in adversarial use of the technology. Describing the operation as well-resourced and professionally coordinated, Anthropic said the threat actor turned Claude into an "autonomous cyber attack agent" to support various stages of the attack lifecycle, including reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration."
"Specifically, it involved the use of Claude Code and Model Context Protocol (MCP) tools, with the former acting as the central nervous system to process the human operators' instructions and break down the multi-stage attack into small technical tasks that can be offloaded to sub-agents. "The human operator tasked instances of Claude Code to operate in groups as autonomous penetration testing orchestrators and agents, with the threat actor able to leverage AI to execute 80-90% of tactical operations independently at"
State-sponsored Chinese threat actors used Anthropic's AI tools to carry out automated cyber attacks in mid-September 2025 targeting roughly 30 global organizations across tech, finance, manufacturing, and government, with some intrusions succeeding. The campaign, labeled GTG-1002, converted Claude into an autonomous cyber attack agent that performed reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration. Attackers used Claude Code and Model Context Protocol tools to decompose multi-stage attacks into sub-tasks and run sub-agents, enabling AI to execute the majority of tactical operations. Anthropic banned the accounts and added defensive flags.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]