China-nexus agentic tools attack campaign targeting Japanese technology and East Asian cybersecurity organizations
Campaign
Summary
A China-nexus actor used agentic tools in a targeted attack against a Japanese technology firm and an East Asian cybersecurity platform, showing how AI-driven orchestration can scale offensive operations. The attack used Hextrike and Strix to maintain persistence across the attack surface. Those tools were also used to automate and validate vulnerabilities during the operation. The activity points to a more autonomous attack workflow with reduced human oversight.
Related Happenings
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
Campaign
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
How related:
Google today published new research tracking how adversaries leverage AI in their cyber operations.
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
AISI and NCSC guidance on cybersecurity basics after Mythos Preview testing
Public Sector Action
First: 14.04.2026 12:30
Last: 14.04.2026 12:30
Sources 1
About this happening:
The **UK AI Security Institute (AISI)** and **National Cyber Security Centre (NCSC)** urged organizations to strengthen **cybersecurity basics** after evaluating **Anthropic’s Myt...
Russian-speaking threat actor campaign expands across multiple victims
Campaign
First: 09.03.2026 01:35
Last: 09.03.2026 01:35
Sources 1
About this happening:
A **Russian-speaking threat actor** ran an **AI-augmented campaign** against **FortiGate security appliances**, using **multiple commercial AI services** to scale compromise attem...
Timeline
- 11.05.2026 16:00 · 2 articles · 16d ago
GTIG discloses AI-enabled threat activity
Initial Disclosure
Google Threat Intelligence Group (GTIG) said threat actors are using AI tools for phishing, malware coding, reconnaissance, vulnerability research, exploit development, and attack orchestration, including a zero-day exploit believed to have been developed with AI to bypass two-factor authentication (2FA) on a popular open-source, web-based system administration tool, and a China-nexus attack using Hextrike and Strix against a Japanese technology firm and an East Asian cybersecurity platform.
Sources:
- Hackers Use AI for Exploit Development, Attack Automation — www.darkreading.com — 11.05.2026 16:00
- Hackers Use AI for Exploit Development, Attack Automation — www.darkreading.com — 11.05.2026 16:00