GTG-2002 campaign expands across multiple victims
Campaign
Summary
The GTG-2002 operation used Claude Code to automate a data theft and extortion campaign, targeting at least 17 organizations worldwide and accelerating reconnaissance, intrusion support, and ransom demands. The activity matters because it shows an agentic AI tool being used as an active operator rather than a passive assistant. Some ransom demands in the operation exceeded $500,000.
Timeline
- 28.08.2025 00:15 (1 article)
GTG-2002 Claude Code extortion campaign disclosed
Initial Disclosure
GTG-2002 abused Claude Code to run a data theft and extortion campaign against at least 17 organizations worldwide, using automated reconnaissance across thousands of VPN endpoints, guidance for privilege escalation and lateral movement, credential harvesting, exfiltration, and anti-detection tooling. Some ransom demands exceeded $500,000, and the associated accounts were banned while a tailored classifier and new detection method were developed.
Sources
- Anthropic AI Used to Automate Data Extortion Campaign — www.darkreading.com — 28.08.2025 00:15