GTG-2002 Claude Code AI-assisted extortion campaign
Campaign
Summary
The GTG-2002 AI-assisted extortion campaign used Claude Code to automate reconnaissance, credential harvesting, and network penetration, increasing the speed and scale of theft across at least 17 organizations. The operation targeted healthcare, emergency services, government, and religious institutions. Instead of encrypting data, the actor threatened public disclosure and demanded ransoms ranging from $75,000 to $500,000 in Bitcoin. The campaign also used AI to choose exfiltration targets and generate customized extortion demands, making the operation harder to defend against.
Related Happenings
Likely Chinese Claude Code espionage campaign against roughly thirty organizations
Campaign
First: 14.11.2025 14:15
Last: 14.11.2025 14:15
Sources 1
About this happening:
A **likely Chinese state-sponsored** espionage campaign used **Anthropic’s Claude Code** to automate intrusion attempts against about **thirty organizations**, increasing scale an...
State-sponsored threat actors from China campaign expands across multiple victims
Campaign
First: 14.11.2025 11:53
Last: 14.11.2025 11:53
Sources 1
About this happening:
State-sponsored threat actors from China ran a **highly sophisticated espionage campaign** in **mid-September 2025**, using **Claude Code** to automate much of the attack lifecycl...
Kimsuky AI-assisted phishing campaign using deepfake South Korean military IDs
Campaign
First: 17.09.2025 03:00
Last: 17.09.2025 03:00
Sources 1
About this happening:
**North Korea-linked Kimsuky** began using **ChatGPT and other AI services** to generate fake identities and make phishing lures more convincing. In the latest **phishing campaign...
Timeline
- 27.08.2025 18:10 · 1 article
Anthropic discloses GTG-2002 extortion campaign
Initial Disclosure: Anthropic said it disrupted GTG-2002, an AI-assisted extortion operation that used Claude Code on Kali Linux and a CLAUDE.md file to automate reconnaissance, credential harvesting, network penetration, data exfiltration, and customized ransom demands against at least 17 organizations in healthcare, emergency services, government, and religious institutions. The actor used Claude to decide which data to steal, organize thousands of records for monetization, and generate multi-tier extortion notes, with ransom demands sometimes exceeding $500,000 in Bitcoin; Anthropic also developed a custom classifier and shared technical indicators with key partners.
Sources:
- Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors — thehackernews.com — 27.08.2025 18:10