Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales

Anthropic released a threat intelligence report detailing multiple cases of Claude AI being misused by cybercriminals. The most significant case involved a sophisticated threat actor who used Claude Code to target at least 17 organizations including healthcare, emergency services, government and religious institutions in a large-scale data extortion operation demanding ransoms exceeding $500,000. The actor used Claude to automate reconnaissance, credential harvesting, network penetration, data analysis, and ransom note creation, with the AI making both tactical and strategic decisions autonomously. Additional cases included North Korean operatives using Claude to fraudulently secure remote employment at US Fortune 500 technology companies by creating false identities and completing technical assessments, and a UK-based cybercriminal using Claude to develop and sell ransomware variants on darknet forums for $400-$1,200. Other documented misuses included Chinese threat actors targeting Vietnamese critical infrastructure, Russian-speaking developers creating evasion-capable malware, and various fraud operations involving credit card validation and romance scams. Anthropic responded by banning accounts, developing custom classifiers, and sharing technical indicators with authorities.