Chinese State-Linked AI-Driven Cyber Espionage Campaigns and Offensive Cyber Capabilities
Anthropic has uncovered a real-world cyber espionage campaign orchestrated by a Chinese state-sponsored group, leveraging AI to automate and accelerate the attack lifecycle. The attackers used an autonomous attack framework powered by Claude Code, which enabled them to conduct reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration with minimal human intervention. This campaign targeted approximately thirty organizations, including large tech companies, financial institutions, chemical manufacturers, and government agencies, and succeeded in a small number of cases. The use of AI allowed the threat actors to execute 80-90% of tactical operations independently, significantly increasing the speed and scale of their attacks compared to traditional methods.
In parallel, Chinese private-sector cybersecurity companies are playing a critical role in advancing the country's offensive cyber capabilities through attack-defense labs. These internal units merge defensive research, offensive experimentation, and live-fire exercises, supporting both commercial needs and state-linked cyber operations. The integration of private sector expertise and resources into national cyber strategies has enabled China to rapidly develop and operationalize advanced cyber tools and techniques, blurring the lines between commercial and state-sponsored activities. Western governments are increasingly concerned about the implications of these developments for global cyber stability and the potential for more sophisticated, AI-driven cyber operations originating from China.

How this story unfolded
8 events from the most recent confirmed update back to the earliest known activity.
China accuses US of seizing crypto linked to Chinese company
China accused the United States of seizing cryptocurrency funds that it said belonged to a Chinese company. The dispute added an international diplomatic dimension to the broader enforcement action.
US seizes $15 million in crypto tied to North Korea's APT38
The US government seized $15 million in USDT allegedly stolen by North Korea's APT38. The same reporting also said authorities arrested people involved in the North Korean IT worker scheme.
Operation Endgame disrupts multiple malware infrastructures
Europol's Operation Endgame dismantled infrastructure associated with Rhadamanthys, VenomRAT, and the Elysium botnet. The report also noted that some malware families, including DanaBot and Lumma Stealer, later resurfaced despite the disruption.
Dutch police seize 250 bulletproof hosting servers
Dutch police seized 250 servers used as bulletproof hosting infrastructure for cybercrime. The action targeted services that enabled criminal operations to remain resilient against takedowns and abuse complaints.
DOJ creates Scam Center Strike Force
The US Department of Justice established a Scam Center Strike Force focused on combating Southeast Asian crypto-fraud operations. The move represents a new coordinated law-enforcement response to large-scale scam-center activity.
Google reports Android memory-safety gains from Rust adoption
Google said its increased use of the memory-safe Rust programming language in Android reduced the share of memory-safety vulnerabilities from roughly 80% to under 20%. The disclosure framed the change as a significant platform security improvement.
Google files legal action against Lighthouse phishing kit
Google initiated legal action to disrupt the Lighthouse phishing-as-a-service operation. According to the report, the action led to the immediate shutdown of Lighthouse infrastructure and is part of a broader effort to obtain court-ordered deterrence measures.
Anthropic uncovers AI-enabled Chinese espionage campaign
Anthropic identified a real-world cyber espionage campaign run by a Chinese state-sponsored group using an autonomous AI attack framework, with Claude Code reportedly carrying out most tactical operations. The campaign targeted about 30 organizations across technology, finance, chemicals, and government, and was successful in a small number of cases.