Chinese hackers carried out the first-ever AI-driven cyber espionage operation
22.11.25
Cyberspies from China used the Claude Code AI tool to launch a multi-layered attack on about thirty major companies and government agencies.
The GTG-1002 group, which is associated with the Chinese government, carried out a large-scale cyberattack using the Claude Code AI tool. This is the first documented case of such an operation being carried out with virtually no human intervention. Technology companies, financial institutions, chemical manufacturers and public sector organizations were targeted.
Details of the Chinese hacking
After detecting suspicious activity, Anthropic launched an internal investigation to determine the scope of the incident. Within ten days, the company blocked accounts that could have been involved in the attack, warned affected customers and coordinated further steps with the responsible authorities. The company also published a detailed report describing the course of events.
The investigation revealed that the cyberattack relied on capabilities of artificial intelligence models that were not used in similar scenarios a year ago. Claude gained access to various software tools through open standards such as the Model Context Protocol. This allowed it to independently collect data from the Internet, run searches, carry out technical operations, and use software with network scanning and password cracking functions.
How was AI used in the hack?
The report explains that the operators developed a framework that used Claude to build and manage the complex structure of the cyber operation. The system created several subagents, each responsible for a separate stage of the attack: from mapping potential points of entry and analyzing the infrastructure to finding vulnerabilities and developing ways to exploit them. After the AI had generated exploits and prepared payloads, a human only reviewed the results of its work and approved further actions. This took from two to ten minutes.
In the following stages, the subagents searched for credentials, escalated privileges, moved through the network, and gained access to confidential information. The final phase involved obtaining data, which the operator also approved after checking the model's results.
Such incidents are becoming more frequent. As previously reported, the Kimsuky group, which is associated with North Korea, used the ChatGPT artificial intelligence to create a fake South Korean military ID, which made its phishing attack more effective.


