Anthropic AI Used to Automate Data Extortion Campaign


Rob Wright, Senior News Director, Dark Reading

August 27, 2025


[Image: Anthropic screen for Claude AI model. Source: GK Images via Alamy stock photo]

Anthropic revealed that a cybercriminal abused its agentic artificial intelligence coding tool to automate a large-scale data theft and extortion campaign, marking a "new evolution" in how threat actors are weaponizing AI.

In its August threat intelligence report, published today, Anthropic disclosed several examples of threat actors misusing its Claude large language models (LLMs) to conduct a variety of malicious activities. The most notable of the examples was a recently disrupted campaign in which a "sophisticated cybercriminal operation" tracked as GTG-2002 abused Claude Code to conduct data extortion attacks against at least 17 different organizations across the world in a short period of time.

Anthropic didn't pull punches about the seriousness of the campaign; in a blog post announcing the threat intelligence report, the generative AI company said GTG-2002 used AI to an "unprecedented degree." Further, Anthropic said the campaign represents a turning point for AI-assisted cybercrime and warned that threat actors are now using AI tools to actually perform attacks rather than to simply facilitate them.

Claude Code-Driven Extortion Attacks

According to the threat intelligence report, GTG-2002 made wide use of Claude Code throughout its campaign, starting with automated reconnaissance: the tool scanned thousands of VPN endpoints for vulnerable targets and was even used to build scanning frameworks on top of a variety of APIs.


"The actor provided Claude Code with their preferred operational TTPs (Tactics, Techniques, and Procedures) in their CLAUDE.md file that is used as a guide for Claude Code to respond to prompts in a manner preferred by the user," Anthropic said in the report. "However, this was simply a preferential guide and the operation still utilized Claude Code to make both tactical and strategic decisions — determining how best to penetrate networks, which data to exfiltrate, and how to craft psychologically targeted extortion demands."

Anthropic said GTG-2002's operation also used Claude Code for real-time assistance with network penetrations and direct operational support for active intrusions, such as guidance for privilege escalation and lateral movement. Additionally, the AI coding tool was used for automated credential harvesting and data exfiltration as well as the creation of malware and anti-detection tools.

"It created obfuscated versions of the Chisel tunneling tool to evade Windows Defender detection and developed completely new TCP proxy code that doesn't use Chisel libraries at all," the report stated. "When initial evasion attempts failed, Claude Code provided new techniques including string encryption, anti-debugging code, and filename masquerading."
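The evasion techniques quoted above are the point at which string-based detection fails: once indicator strings are encrypted in the binary, a `strings`-and-grep rule finds nothing, and the defender has to fall back on properties that obfuscation cannot hide, such as the entropy of the file or where a well-known binary name is actually running from. The Python below is an added illustration, not code from the article or from Anthropic's report. It shows a toy XOR "string encryption" of indicator strings, a triage function that combines an indicator match on extracted strings with a byte-entropy fallback, and a filename-masquerading check. The indicator list, the expected-directory table, the XOR key, the constructed samples and the 7.0 bits-per-byte threshold are all assumptions for demonstration.

```python
"""Added illustration: why string encryption defeats strings-based indicators,
and two triage checks that survive it. Samples, thresholds and lists below are
constructed assumptions, not data from the report."""
import hashlib
import math
import ntpath
import re
from collections import Counter

# Indicators a naive strings-based rule might look for (constructed list).
INDICATORS = ("chisel", "client --fingerprint", "socks5", "-debug")

# Where legitimate copies of some Windows binaries live (assumed expected paths).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "rundll32.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
}


def extract_strings(blob: bytes, min_len: int = 6) -> list[str]:
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte; packed, compressed or encrypted data approaches 8.0."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def xor_obfuscate(text: str, key: bytes) -> bytes:
    """Toy string encryption: plaintext exists only at runtime after XOR-decoding."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(text.encode()))


def triage(blob: bytes, entropy_threshold: float = 7.0) -> dict:
    """Indicator match on extracted strings, with an entropy fallback."""
    strings = extract_strings(blob)
    hits = sorted({ind for ind in INDICATORS for s in strings if ind in s.lower()})
    ent = shannon_entropy(blob)
    high = ent > entropy_threshold
    return {
        "indicator_hits": hits,
        "entropy": round(ent, 2),
        "flag": bool(hits) or high,
        "reason": "indicator strings" if hits else ("high entropy" if high else ""),
    }


def masquerade_check(image_path: str) -> bool:
    """True if a well-known binary name is running from an unexpected directory."""
    directory, name = ntpath.split(image_path.lower())
    expected = EXPECTED_DIRS.get(name)
    return expected is not None and directory not in expected


def build_samples() -> tuple[bytes, bytes]:
    """Constructed stand-ins for a plain and an obfuscated build of a tunneling tool."""
    plain_strings = [
        "chisel client --fingerprint ABC123 203.0.113.10:443 R:socks",
        "socks5 listener started on 127.0.0.1:1080",
        "-debug",
    ]
    plain = b"MZ\x90\x00" + b"\n".join(s.encode() for s in plain_strings) + b"\x00" * 64
    key = b"\x5a\xa5\x3c"  # assumed toy key
    # Deterministic pseudo-random filler standing in for a packed code section.
    packed, h = b"", b"constructed-seed"
    while len(packed) < 4096:
        h = hashlib.sha256(h).digest()
        packed += h
    obfuscated = b"MZ\x90\x00" + packed + b"".join(xor_obfuscate(s, key) for s in plain_strings)
    return plain, obfuscated


if __name__ == "__main__":
    plain_blob, obf_blob = build_samples()
    print("plain     :", triage(plain_blob))
    print("obfuscated:", triage(obf_blob))
    for p in (r"C:\Windows\System32\svchost.exe", r"C:\Users\bob\AppData\Local\Temp\svchost.exe"):
        print(p, "-> masquerade" if masquerade_check(p) else "-> expected location")
```

The obfuscated sample produces no indicator hits at all, which is exactly the outcome the report describes; what still gives it away is the entropy of the blob and, on the endpoint, a known binary name executing from a user-writable directory. In practice the entropy threshold should be tuned per section rather than per file, since legitimately compressed resources also score high.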


This approach enabled the threat actor to steal personal records, healthcare data, financial information, government credentials, and other sensitive information.

According to Anthropic, its AI model also assisted the threat actor with ransom demands, which occasionally exceeded $500,000.

"Claude not only performed 'on-keyboard' operations but also analyzed exfiltrated financial data to determine appropriate ransom amounts and generated visually alarming HTML ransom notes that were displayed on victim machines by embedding them into the boot process," the report stated.

Mitigation and Response

Anthropic said GTG-2002's attacks did not encrypt victim data; the operation relied on data theft and extortion alone. The company banned the accounts associated with the activity and took additional measures to prevent future abuse.

"In response to this case, we began developing a tailored classifier specifically for this type of activity and another new detection method to ensure similar behavior is captured by our standard safety enforcement pipeline," the company said.

The threat intelligence report cited other recent examples of abuse, including North Korean operatives using Claude to scale their fake IT worker scams and a cybercriminal building new, AI-generated ransomware.


But the company emphasized the urgency of GTG-2002's activity, which it said represents a shift to "vibe hacking," where threat actors use LLMs and agentic AI to perform the attacks. "The operation demonstrates a concerning evolution in AI-assisted cybercrime, where AI serves as both a technical consultant and active operator, enabling attacks that would be more difficult and time-consuming for individual actors to execute manually," the report said.

Anthropic's report follows another concerning AI-related development: the discovery of the first known example of a ransomware strain powered by an AI model. ESET researchers say they found the sample, which they dubbed "PromptLock," on VirusTotal and determined that it was powered locally by OpenAI's gpt-oss:20b model.
