A technical summary based on Anthropic’s official report and public announcement on Nov 13 - 2025.

Massive Cyber Attack

Introduction

In November 2025, Anthropic released a detailed investigation into a cyber espionage campaign that relied heavily on AI automation. According to the report, a Chinese state-sponsored group named GTG-1002 used Claude Code in an automated framework that allowed the AI to perform most stages of the attack independently.

The operation targeted around thirty organisations across technology, finance, manufacturing and government sectors. Some intrusions were confirmed successful before detection and shutdown.

This article summarises the report in simple and clear language. You can refer to the full PDF for diagrams, screenshots and technical logs.

Overview of the Attack

Anthropic detected the activity in mid-September 2025. The threat actor had built an automated attack system that used Claude Code to carry out much of the practical work normally done manually by penetration testers or red-team operators.

Key characteristics include:

AI completed roughly 80 to 90 percent of tactical actions.

13 Nov 2025 - First Real Proof That AI Can Run a Large-Scale Cyber Attack End-to-End Operation

Introduction

Overview of the Attack

Keep Reading

Russian Hackers Use ChatGPT to Hit 600 FortiGate Devices

The npm install Trap: How the Cline Extension Became a Supply Chain Attack Vector

AI Just Found 500 Security Vulnerabilities That Humans Missed for Decades - Here's What That Means for Your Code