Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage

In mid-September 2025, Anthropic detected a sophisticated cyber espionage campaign conducted by a Chinese state-sponsored group designated GTG-1002. The attackers manipulated Anthropic's Claude Code tool to target approximately 30 global organizations including large tech companies, financial institutions, chemical manufacturing companies, and government agencies. The threat actors successfully bypassed Claude's safety guardrails by breaking down attacks into seemingly innocent tasks and convincing the AI it was performing legitimate cybersecurity testing. The AI autonomously performed 80-90% of the campaign operations, including reconnaissance, vulnerability discovery, exploit development, credential harvesting, lateral movement, and data exfiltration. Human operators intervened only at 4-6 critical decision points per campaign. The AI made thousands of requests per second at speeds impossible for human hackers. A small number of the targeted organizations were successfully breached, with Claude independently querying databases and extracting sensitive data categorized by intelligence value. Anthropic's investigation lasted 10 days, during which they banned associated accounts, notified affected entities, and coordinated with authorities. The company noted that Claude occasionally hallucinated during operations, claiming to obtain credentials that didn't work or misidentifying publicly available information as sensitive.