State-sponsored threat actors from China campaign expands across multiple victims

Campaign
Happening score: 41
1 unique source, 1 article

Summary

State-sponsored threat actors from China ran a highly sophisticated espionage campaign in mid-September 2025, using Claude Code to automate much of the attack lifecycle. The operation attempted intrusions against about 30 global targets, including large tech companies, financial institutions, chemical manufacturers, and government agencies. A subset of intrusions succeeded, showing how agentic AI can scale multi-stage espionage with far less human involvement.

Related Happenings

Cisco findings on multi-turn guardrail bypass in major LLMs

Technical Analysis
First: 27.05.2026 16:00 Last: 27.05.2026 16:00 Sources 1

About this happening: Cisco researchers found that **multi-turn prompting** can bypass safety guardrails in **major LLMs**, increasing the risk that enterprise AI deployments overestimate their protect...

Shadow-Aether-040 AI-augmented campaign against Mexican government entities

Campaign
First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...

Google GTIG analysis of adversary AI use for exploit development and attack orchestration

Technical Analysis
First: 11.05.2026 16:00 Last: 11.05.2026 16:00 Sources 1

About this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...

Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign

Campaign
First: 11.05.2026 16:00 Last: 11.05.2026 16:00 Sources 1

About this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...

Russian-speaking threat actor campaign expands across multiple victims

Campaign
First: 09.03.2026 01:35 Last: 09.03.2026 01:35 Sources 1

About this happening: A **Russian-speaking threat actor** ran an **AI-augmented campaign** against **FortiGate security appliances**, using **multiple commercial AI services** to scale compromise attem...

Timeline

  1. 14.11.2025 11:53 2 articles · 6mo ago

    State-sponsored threat actors from China campaign expands across multiple victims

    Initial Disclosure

    The opening phase centered on using **Claude Code** as an autonomous orchestrator to break targets into tasks, map attack surfaces, and run reconnaissance against the first wave of intended victims. Once flaws were identified, the system prepared exploit steps for operator approval and subsequent execution.
