Chinese Hackers Use Claude, DeepSeek AI in Government Cyberattacks
Key Takeaways A China-linked cyber espionage group is actively integrating commercial AI models, Claude Code and DeepSeek-v4-pro, directly into its attack workflows. These AI models are assigned...
Key Takeaways
- A China-linked cyber espionage group is actively integrating commercial AI models, Claude Code and DeepSeek-v4-pro, directly into its attack workflows.
- These AI models are assigned distinct roles: Claude Code for automation and execution, and DeepSeek-v4-pro for high-level reasoning and exploit generation.
- The campaign targets government entities and critical infrastructure across Taiwan, Thailand, Afghanistan, and the United States, alongside financial services globally.
- Attack methods include SQL injection, cloud token exfiltration, data dumps, webshell deployment, and custom RCEs.
- This marks a significant shift, demonstrating AI’s direct role as an operational component in state-sponsored cyberattacks.
Chinese State-Sponsored Group Leverages Commercial AI in Advanced Cyberattacks
A sophisticated and ongoing cyber intrusion campaign, attributed to a China-linked threat actor, has been uncovered, revealing the direct integration of commercial artificial intelligence platforms into the core operational framework of state-sponsored cyber espionage. This marks a critical evolution in the use of AI in offensive cyber operations, moving beyond mere research assistance to direct involvement in attack execution and logic generation.
Table Of Content
Instead of merely serving as auxiliary research tools, both Claude Code and DeepSeek-v4-pro have been found embedded within the central command-and-control (C2) flows of this extensive cyber campaign. This strategic integration underscores a deliberate effort by the threat actor to leverage advanced AI capabilities for enhanced efficiency and sophistication in their attacks.
The operation initially came to light through Hunt researchers who pivoted on a shared, unique HTTP header fingerprint, which led to the discovery of a broader infrastructure network. This network comprises 13 primary servers distributed across four distinct Hong Kong-based Autonomous System Numbers (ASNs). Earlier documentation by Cato CTRL in May 2026 on TencShell C2 infrastructure provided a foundational lead, exposing an open directory containing victim source code, custom exploit scripts, operator logs, cloned login pages, and documentation in simplified Chinese.
AI Models Assigned Specific Roles in Attack Chain
Analysis of the recovered operator logs provided clear evidence of a programmatic division of labor between the two identified large language models (LLMs):
- Claude Code (Execution & Automation): This AI model was specifically tasked with agentic tool interaction, processing interactive bash environments, executing terminal commands, and maintaining persistent operational sessions within the compromised systems.
- DeepSeek-v4-pro (Reasoning & Attack Logic): In contrast, DeepSeek-v4-pro was exclusively utilized for higher-level attack reasoning, generating malicious scripts, devising security evasion logic, and adapting exploits to specific target environments.
Further insights into the campaign’s structure were gleaned from a central CLAUDE.md workspace file. This document contained detailed instructions guiding the automated agent to build, test, and dynamically optimize phishing infrastructure tailored for specific targets. Operational timelines embedded within these findings indicated active working environments dedicated to Taiwan-based intelligence requirements, with activities dated between June 8 and June 12, 2026.
This systematic operational methodology echoes a security advisory issued by Anthropic in November 2025, which highlighted a China-linked threat actor’s use of malicious developer tools to orchestrate large-scale automated infrastructure intrusions.
Infrastructure and Offensive Toolkit
Three of the primary collection nodes within the identified infrastructure network employed overlapping SSH keys and TLS certificates, establishing built-in redundancy layers to ensure operational resilience. The central collection node, 112.213.124[.]132, was found to host a multi-tiered offensive toolkit. This arsenal included the ARL (Attack Reconnaissance Lighthouse) framework for network mapping, DeepAudit for vulnerability identification, and Vshell for remote system administration.
Notably, these tools were situated alongside an open repository staging 2,431 stolen or operational files. The investigation also uncovered an entirely new, undocumented secondary framework, dubbed “Gshell,” operating in parallel across the same infrastructure. This suggests the threat group maintains redundant C2 frameworks to maximize operational uptime and reduce single points of failure.
Targeted Attacks Across Multiple Geographies and Sectors
The campaign exhibits an intermediate-to-advanced threat landscape, characterized by custom exploit payloads fine-tuned for narrow framework version signatures, cross-platform malware orchestration, and real-time LLM-driven evasion cycles. Operators successfully used these sophisticated setups for active credential harvesting across a variety of multi-tenant corporate applications. Specific targets and attack vectors include:
- Taiwan: Eight firms within supply chain networks and manufacturing entities were targeted. Attacks involved SQL injection (SQLi) against chemical firms and exfiltration of cloud tokens, specifically Supabase/Azure SAS keys.
- Thailand: Government administrative application nodes were compromised, leading to SQLMap-driven data dumps of employee national ID records and the deployment of GIF-polyglot webshells for persistence.
- Afghanistan: Laravel-based public application architectures were exploited, resulting in the ingestion of citizen complaint databases and encryption keys via custom deserialization Remote Code Execution (RCE).
- United States: Public sector subdomains and civic databases were subjected to footprinting of NASA subdomains and the staging of unfinished phishing clones targeting the D.C. Council and Delaware County, Pennsylvania.
- Financial Services (Global): Enterprise payment processing platforms across Europe, Australia, and Asia were targeted through Cross-Origin Resource Sharing (CORS) exploitation to compromise administrative WordPress web credentials.
The confluence of simplified Chinese developer logs, the use of Hong Kong-based internet infrastructure, and targeting mandates that align with state intelligence objectives strongly supports the attribution of this activity to a China-based threat group.
This campaign signifies a profound shift in cyber warfare, where commercial AI systems are no longer passive research aids but active, force-multiplying components in interactive cyberattacks. This development raises urgent questions regarding the dual-use risks associated with agentic AI environments and the evolving landscape of state-sponsored cyber threats.
What You Should Do
- Enhance Network Monitoring: Implement advanced detection for anomalous network traffic, especially from Hong Kong-based ASNs, and unusual HTTP header fingerprints.
- Review Access Controls and Tokens: Regularly audit and rotate cloud tokens (e.g., Supabase/Azure SAS keys) and enforce least privilege principles for all accounts.
- Patch and Update Systems: Ensure all applications, particularly those based on Laravel and WordPress, are updated to the latest versions to mitigate known vulnerabilities, including SQL injection and deserialization RCEs.
- Strengthen Phishing Defenses: Implement multi-factor authentication (MFA) across all critical systems, conduct regular security awareness training, and deploy robust email filtering solutions.
- Monitor for Web Shells: Utilize endpoint detection and response (EDR) solutions to detect and prevent the deployment of webshells, including less common types like GIF-polyglot webshells.
- Secure Supply Chains: Implement stringent security protocols for supply chain partners and manufacturing entities, especially those handling sensitive data or intellectual property.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.