Anthropic reports that it has disrupted a large-scale malicious operation in which attackers used Claude in July 2025 to steal personal data and commit extortion. The ransoms demanded by the hackers at times exceeded US$500,000.
In a published report, Anthropic warns that AI-based tools are now widely used to commit cybercrimes and facilitate fraud.
The company says it is developing specialized machine learning classifiers that will help detect specific patterns of such abuse in the future.
The most notable part of Anthropic’s report is the account that in July 2025 the company discovered and thwarted a large-scale malicious campaign in which an unknown hacker group used Claude to automate various stages of the attack, including reconnaissance, credential harvesting, and intrusion into victims’ networks.
Attackers used Claude Code on Kali Linux as an all-in-one attack platform. The intruder provided the model with a CLAUDE.md file detailing the preferred tactics, and Claude Code carried out automated reconnaissance, target discovery, vulnerability exploitation, and malware creation.
“[Claude] created obfuscated versions of the Chisel tunneling tool to evade detection by Windows Defender, and also developed an entirely new TCP proxy implementation that does not use Chisel libraries at all,” the report says.
The AI also carried out data theft and analysis, and helped craft ransom notes.
“The attackers targeted at least 17 different organizations, including healthcare facilities, emergency response services, government, and religious organizations,” Anthropic representatives said. “Instead of encrypting the stolen information with traditional ransomware, the attackers threatened to publicly disclose the stolen data and attempted to extort ransoms that sometimes exceeded US $500,000.”
Experts report that the reconnaissance involved scanning thousands of VPN endpoints to identify vulnerable systems. After gaining initial access, the attackers performed user enumeration and examined the network to extract credentials and establish persistence on hosts.
In addition, this malicious activity, code-named GTG-2002, was notable in that Claude was used to make “tactical and strategic decisions.” In other words, the AI independently determined what data to extract from victims’ networks and composed extortion messages, analyzing the victims’ financial indicators to determine an appropriate ransom amount (from $75,000 to $500,000 in bitcoin).
Anthropic writes that despite the steps the company has taken to prevent such abuse, it expects these threats to become increasingly common, “as AI lowers the barrier to entry for sophisticated cybercriminal operations.”
In particular, after this campaign was discovered, the attackers’ accounts were blocked, a new classifier was added to the defense system, and detailed information about the incident was shared with the company’s key partners so they could also track similar malicious activity.
The company’s report also lists other examples of misuse of Claude’s various capabilities.
- North Korean hackers leveraged Claude in fraudulent schemes involving remote IT workers. The AI was used to create detailed fake personas with convincing professional biographies and project histories, both during the hiring process and to assist with day-to-day work if successfully hired.
- A UK cybercriminal codenamed GTG-5004 used Claude to develop, market, and distribute several ransomware variants with advanced detection-evasion, encryption, and anti-debugging capabilities. The malware was sold on darknet forums such as Dread, CryptBB, and Nulled to other threat actors for $400–$1,200.
- A Chinese hacking group used Claude for over nine months to bolster its cyber operations targeting Vietnam’s critical infrastructure, including telecommunications providers, government databases, and agricultural systems.
- An unknown Russian-speaking developer used the AI to create malware with advanced detection-evasion capabilities.
- A member of the xss[.]is hacking forum used the Model Context Protocol (MCP) and Claude to analyze stealer logs and build detailed victim profiles.
- A Spanish-speaking threat actor leveraged Claude Code to support and improve an invite-only service for bulk checking and reselling stolen bank cards.
- Claude was used as part of a Telegram bot offering multimodal AI tools for romance scams, with the chatbot advertised as a “high-EQ model.”
- Another unknown threat actor used Claude to launch a synthetic-identity creation service that integrated with three bank card validation services.
In addition, the company says it thwarted attempts by North Korean hacking groups linked to the Contagious Interview campaign to create accounts on the platform. The hackers reportedly aimed to use AI to improve their malware toolsets, create phishing lures, and generate npm packages.
“The most striking finding is the complete reliance of [the attackers] on AI for carrying out technical tasks,” write Anthropic representatives about North Korean hackers posing as remote IT professionals. “It appears they are unable to write code, debug, or even communicate professionally without Claude’s help. Nevertheless, they have successfully kept jobs at Fortune 500 companies (according to publicly available data), passed technical interviews, and performed work that satisfies their employers.”
2025.01.28 — J-magic backdoor attacked Juniper Networks devices using 'magic packets'
A massive backdoor attack targeting Juniper routers often used as VPN gateways has been uncovered. The devices were attacked by the J-magic malware that…
Full article →
2025.01.30 — Hackers use vulnerabilities in SimpleHelp RMM to attack corporate networks
Experts believe that recently patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) were used by attackers to gain initial access to corporate networks. A number…
Full article →
2025.04.04 — Privilege escalation vulnerability in Google Cloud resulting in sensitive data leaks finally patched
Tenable Research revealed details of a recently patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run enabling an attacker to gain access to container images…
Full article →
2025.03.05 — Polish Space Agency disconnects its network due to hacker attack
Last weekend, the Polish Space Agency (POLSA) had to disconnect all of its systems from the Internet to localize an attack targeting its IT infrastructure. After discovering the intrusion,…
Full article →
2025.01.25 — 18,000 script kiddies have been infected with backdoor via XWorm RAT builder
According to CloudSEK analysts, malefactors attack novice hackers using a fake malware builder. Script kiddies' systems become infected with a backdoor that steals data and subsequently…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks
Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…
Full article →
2025.01.27 — Zyxel firewalls reboot due to flawed update
Zyxel warned its customers that a recent signature update may cause critical errors in USG FLEX and ATP series firewalls. As a result, devices go into…
Full article →
2025.02.14 — 12,000 Kerio Control firewalls remain vulnerable to RCE
Security experts report that more than 12,000 GFI Kerio Control firewall instances remain vulnerable to the critical RCE vulnerability CVE-2024-52875, which was fixed…
Full article →
2025.03.20 — 8,000 vulnerabilities identified in WordPress ecosystem in 2024
According to Patchstack, world's #1 WordPress vulnerability intelligence provider, 7,966 new vulnerabilities were identified in the WordPress ecosystem in 2024; most of these bugs affected plugins…
Full article →