Chinese hackers carried out the first-ever AI cyber espionage campaign

Cyberspies from China used Claude Code AI to launch a multi-layered attack on about thirty major companies and government agencies.

The GTG-1002 group, which is associated with the Chinese government, carried out a large-scale cyberattack using the Claude Code AI tool. This is the first documented case of such an operation being carried out with virtually no human intervention. Technology companies, financial institutions, chemical manufacturers and public sector bodies were targeted.

Details of the Chinese hacking

After detecting suspicious activity, Anthropic launched an internal investigation to determine the scope of the incident. Within ten days, the company blocked accounts that could have been involved in the attack, warned affected customers and coordinated further steps with the responsible authorities. The company also published a detailed report describing the course of events.

The investigation revealed that the cyberattack relied on the capabilities of artificial intelligence models that were not used in similar scenarios a year ago. Claude gained access to various software tools using open standards such as the Model Context Protocol. This allowed it to independently collect data from the Internet, run searches, perform technical operations, and use software with network scanning and password cracking functions.

How was AI used in the hack?

The report explains that Claude used the framework developed by the operators to build and manage the complex structure of the cyberoperation. The system created several subagents, each of which was responsible for separate stages of the attack: from mapping potential penetration zones and analyzing the infrastructure to finding vulnerabilities and developing ways to exploit them. After exploits were generated and payloads prepared, a human only reviewed the results of the AI’s work and approved further actions. This took from two to ten minutes.

In the following stages, the subagents performed operations to search for credentials, elevate privileges, move laterally through the network, and gain access to confidential information. The final phase involved obtaining data, which was also approved by the operator after reviewing the model's results.

Such incidents are becoming more frequent. As previously reported, the Kimsuky group, which is associated with North Korea, used the ChatGPT AI to create a fake South Korean military ID, which increased the effectiveness of the phishing attack.

