China-nexus agentic tools attack campaign targeting Japanese technology and East Asian cybersecurity organizations
Campaign
Summary
Hide ▲
Show ▼
A China-nexus actor used agentic tools in a targeted attack against a Japanese technology firm and an East Asian cybersecurity platform, showing how AI-driven orchestration can scale offensive operations. The attack used Hextrike and Strix to maintain persistence across the attack surface. Those tools were also used to automate and validate vulnerabilities during the operation. The activity points to a more autonomous attack workflow with reduced human oversight.
Related Happenings
Google AI Threat Defense launch adds autonomous AI-attack detection and remediation for enterprises
Security Tool/Service
H score20
First: 28.05.2026 12:55
Last: 28.05.2026 12:55
Sources 1
About this happening:
Google Cloud launched **Google AI Threat Defense**, an **always-on autonomous** security platform aimed at stopping **AI-powered cyberattacks** across enterprise environments. The...
Google AI Threat Defense launch adds autonomous AI-attack detection and remediation for enterprises
Security Tool/ServiceAbout this happening: Google Cloud launched **Google AI Threat Defense**, an **always-on autonomous** security platform aimed at stopping **AI-powered cyberattacks** across enterprise environments. The...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
Campaign
H score41
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
CampaignAbout this happening: The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
H score33
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
How related:
Google today published new research tracking how adversaries leverage AI in their cyber operations.
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical AnalysisHow related: Google today published new research tracking how adversaries leverage AI in their cyber operations.
About this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
H score30
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
CampaignAbout this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
AISI and NCSC guidance on cybersecurity basics after Mythos Preview testing
Public Sector Action
H score25
First: 14.04.2026 12:30
Last: 14.04.2026 12:30
Sources 1
About this happening:
The **UK AI Security Institute (AISI)** and **National Cyber Security Centre (NCSC)** urged organizations to strengthen **cybersecurity basics** after evaluating **Anthropic’s Myt...
AISI and NCSC guidance on cybersecurity basics after Mythos Preview testing
Public Sector ActionAbout this happening: The **UK AI Security Institute (AISI)** and **National Cyber Security Centre (NCSC)** urged organizations to strengthen **cybersecurity basics** after evaluating **Anthropic’s Myt...
Timeline
-
11.05.2026 16:00 2 articles · 1mo ago
GTIG discloses AI-enabled threat activity
Initial DisclosureGoogle Threat Intelligence Group (GTIG) said threat actors are using AI tools for phishing, malware coding, reconnaissance, vulnerability research, exploit development, and attack orchestration, including a zero-day exploit believed to have been developed with AI to bypass two-factor authentication (2FA) on a popular open-source, web-based system administration tool, and a China-nexus attack using Hextrike and Strix against a Japanese technology firm and an East Asian cybersecurity platform.
Show sources
- Hackers Use AI for Exploit Development, Attack Automation — www.darkreading.com — 11.05.2026 16:00
- Hackers Use AI for Exploit Development, Attack Automation — www.darkreading.com — 11.05.2026 16:00