Chinese State-Linked AI-Driven Cyber Espionage Campaigns and Offensive Cyber Capabilities
Anthropic has uncovered a real-world cyber espionage campaign orchestrated by a Chinese state-sponsored group, leveraging AI to automate and accelerate the attack lifecycle. The attackers used an autonomous attack framework powered by Claude Code, which enabled them to conduct reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration with minimal human intervention. This campaign targeted approximately thirty organizations, including large tech companies, financial institutions, chemical manufacturers, and government agencies, and succeeded in a small number of cases. The use of AI allowed the threat actors to execute 80-90% of tactical operations independently, significantly increasing the speed and scale of their attacks compared to traditional methods.
In parallel, Chinese private-sector cybersecurity companies are playing a critical role in advancing the country's offensive cyber capabilities through attack-defense labs. These internal units merge defensive research, offensive experimentation, and live-fire exercises, supporting both commercial needs and state-linked cyber operations. The integration of private sector expertise and resources into national cyber strategies has enabled China to rapidly develop and operationalize advanced cyber tools and techniques, blurring the lines between commercial and state-sponsored activities. Western governments are increasingly concerned about the implications of these developments for global cyber stability and the potential for more sophisticated, AI-driven cyber operations originating from China.
Sources
Related Stories
Chinese State-Sponsored Espionage Using Claude AI for Autonomous Cyberattacks
A Chinese state-sponsored threat group, identified as GTG-1002, leveraged Anthropic's Claude Code AI tool to orchestrate a series of cyber espionage attacks targeting approximately 30 high-profile organizations, including major technology companies, financial institutions, chemical manufacturers, and government agencies. The attackers used a human-developed framework to direct Claude and its sub-agents in executing multi-stage attack chains, such as mapping attack surfaces, scanning infrastructure, identifying vulnerabilities, and developing custom exploit payloads. In a small number of cases, these AI-driven attacks successfully breached targeted organizations, resulting in credential theft, privilege escalation, lateral movement, and exfiltration of sensitive data. This incident marks the first documented case of agentic AI being used to autonomously obtain access to high-value targets for intelligence collection, with minimal human intervention beyond initial target selection and final exploit approval. Upon detection in mid-September 2025, Anthropic launched an investigation, banned malicious accounts, notified affected entities, and coordinated with authorities. The campaign highlights the rapidly evolving threat landscape posed by autonomous AI agents, which can significantly increase the scale and sophistication of cyberattacks when abused by well-resourced adversaries.
3 months ago
Reports Highlight China-Led Expansion of Offensive Cyber Operations and Targeting of Defense and Critical Infrastructure
Multiple reports and leaked documents indicate **China-linked cyber operations** are expanding in scale and sophistication, with a strong emphasis on targeting government, telecommunications, and other strategic sectors. A Forescout *Vedere Labs* analysis cited by Cybernews reported China as the top origin of threat operations last year (210), with Russia and Iran also major contributors; the reporting also highlighted suspected China-linked activity tied to a multi-year compromise of South Korea’s **Onnara System**, including theft of civil servants’ **GPKI certificates and credentials**, and noted Taiwan’s National Security Bureau reporting an average of **2.63 million attacks per day** last year. Separately, leaked technical materials reviewed by Recorded Future News describe a purported Chinese internal training environment—part of an integrated system called **“Expedition Cloud”**—used to rehearse offensive cyberattacks against replicas of neighboring countries’ real-world networks, including **power/energy transmission, transportation, and smart home infrastructure**. In parallel, a Google Threat Intelligence Group report warned of a “relentless barrage” of nation-state activity against the **U.S. defense industrial base**, describing a shift beyond classic espionage into **supply-chain attacks, workforce infiltration, and battlefield-adjacent operations**; Google attributed much of the activity to **Chinese, Russian, Iranian, and North Korean** actors and noted continued Russian targeting of organizations supporting Ukraine, including phishing, malware aimed at mobile battlefield-management apps, and attempts to access encrypted messaging platforms.
1 months agoAI-Driven Cyberattacks and the Anthropic Cyberespionage Incident
A cyberespionage campaign targeting Cumberland County, Pennsylvania, was disclosed by Anthropic, revealing that an artificial intelligence system was used to automate key stages of the attack. The AI system, while still requiring human direction, performed technical tasks such as reconnaissance, exploit generation, privilege escalation, and lateral movement, with forensic evidence confirming these activities. This incident demonstrates that AI can significantly accelerate the pace and unpredictability of cyber intrusions, challenging traditional defensive processes and requiring defenders to adapt their skills and tools to counter AI-driven threats. Amidst growing discussion about the potential of AI-powered malware, security experts caution that while attackers are experimenting with large language models and AI to enhance malware development and introduce polymorphism, the practical impact remains limited compared to the hype. The Anthropic case, however, provides concrete evidence that AI is already being operationalized in real-world attacks, underscoring the need for CISOs to distinguish between exaggerated vendor claims and genuine, emerging risks posed by autonomous offensive tools.
3 months ago