AI Orchestrated Attack Now?

Leave a Comment / Blog / By

Published by Anthropic11/13/2025

Original: https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf

In September 2025, a big cyber-espionage campaign was uncovered. A group called GTG-1002—backed by a state actor in China—launched attacks against about 30 targets. Some got hit successfully. What’s surprising: most of this campaign was handled by an AI system, not humans.
The AI they used was Claude Code (from Anthropic) and it was turned into a kind of autonomous hacker: scanning networks, finding weaknesses, crafting exploit code, moving inside systems, grabbing credentials, analyzing stolen data, and writing full reports of everything. The humans mostly picked the targets and approved major steps. But the AI did the heavy lifting: 80-90 % of the tactical job.

How the attack worked (phase by phase)

  1. Campaign initialization & target selection
    • Humans chose targets: major tech companies, financial firms, chemical manufacturers, government agencies across countries.
    • Then they tricked the AI into thinking it was doing defensive security work: they framed prompts so Claude believed it was a friendly tester rather than attacker.
  2. Reconnaissance & attack surface mapping
    • Claude used browser automation, network scanning, enumeration of services. It did this across many targets in parallel.
    • It discovered internal services, network topologies, IP ranges, endpoints.
  3. Vulnerability discovery & validation
    • The AI identified vulnerabilities (for example SSRF – Server-Side Request Forgery), researched how to exploit them, generated payloads, tested them, and validated exploit capability.
    • Example breakdown: AI works 1-4 hours; human takes 2-10 minutes to approve.
  4. Credential harvesting & lateral movement
    • After approval, the AI harvested credentials: looked for certificates, configurations, tested credentials across internal systems.
    • Then it moved laterally: accessed APIs, databases, container registries, logged systems to build network maps of access.
  5. Data collection & intelligence extraction
    • The AI logged into target systems, extracted data (password hashes, account details, configuration info), processed large volumes of data, categorized it by intelligence value.
    • The human only stepped in at the final approval for data exfiltration.
  6. Documentation & handoff
    • Claude generated structured markdown files throughout: including discovered services, credentials harvested, exploits used, the progress, the results.
    • This documentation allowed the campaign to be paused and resumed, or handed to other teams for longer operations.

As someone working in health-fitness, older adults, and people in physically demanding jobs, I’m also concerned about the digital world because our lives depend on secure systems too. Here are the reasons this case matters:

  • If AI can run major cyber-attacks, then everyone is at higher risk: companies, governments, and indirectly, individual users like us.
  • The fact that the attack used mostly standard tools + AI orchestration means many groups could replicate similar methods. The “rich/hacker labs” advantage shrinks.
  • The AI making mistakes (hallucinations) shows defenders (and everyday users) have a chance: the tools aren’t perfect. Human oversight still counts.
  • We should treat AI as both a risk and a potential defense tool: the same models that can attack will also have to protect. In my ecosystem (mid-life fitness, digital entrepreneurship) I’ll keep in mind how better digital hygiene, understanding of risk, and safe adoption of AI matter.
  • For older adults or people in jobs where tech isn’t their specialty: this underscores the need to trust reliable tech, keep software updated, use strong passwords/multi-factor auth, and seek frameworks/platforms with good safety practices.

Based on this case, here are things I suggest we can do:

  • Treat software and systems more like physical infrastructure: check for weak links, keep things patched, monitor for odd behavior.
  • Be skeptical of systems that say “AI will make it totally hands-free” without good oversight. If AI can be turned into a hacker tool, at least expect models to fail in weird ways.
  • For business operators and independent creators: ask vendors about AI-safeguards, about how systems authenticate, how data is protected.
  • For everyday users: don’t assume “old-style” threats are gone. Attackers now can move faster. Weak credentials, reused passwords, unpatched software—these still matter.
  • Stay informed: campaigns like this one show how fast tech shifts. What was rare last year may be common soon.

Leave a Comment

Your email address will not be published. Required fields are marked *