Large-scale breach: Chinese spies use artificial intelligence to target major organizations

Anthropic announced that Chinese state-sponsored hackers exploited “Claude Code” tools and the “Model Context Protocol (MCP)” interface in mid-September in an attempted breach targeting approximately 30 prominent companies and government organizations, succeeding “in a small number of cases.” The list of targets included giant technology companies, financial institutions, chemical manufacturing companies, as well as government agencies.

A detailed 13-page report issued by the company stated that its threat research team considers this incident “the first definitive evidence of an AI agent successfully reaching high-value targets for intelligence collection.” Anthropic has named this group “GTG-1002.”

The attackers used a human-developed framework to orchestrate multi-stage attacks, executed by “Claude” sub-agents that handled specific tasks: mapping attack surfaces, scanning infrastructure, discovering vulnerabilities, and researching exploitation techniques. A human operator then reviewed the results, a step taking two to ten minutes, and approved the subsequent exploitation steps, after which the sub-agents moved on to searching for credentials, escalating access, lateral movement, and accessing and stealing sensitive data. In the post-exploitation phase, a second human review took place before the final data exfiltration was approved.

The report indicated that the attacker “was able to induce Claude to execute discrete components of attack chains without needing access to the broader malicious context” through carefully crafted prompts and consistent personas presented as routine technical requests.

Anthropic reported that it has disabled the accounts associated with the attacks, identified the full scope of the operation, notified the affected entities, and coordinated with law enforcement authorities. The company described the incident as a “significant escalation” compared to a report issued in August, which documented the use of the system in data extortion targeting 17 institutions with ransom demands ranging from $75,000 to $500,000, an attack in which “humans were fully aware of directing the operations.”

The company also noted an interesting technical aspect of the attacks: “Claude” suffered from hallucinations, exaggerating results and sometimes fabricating data during automation, which forced the human operator to verify all outputs. Hallucinations included claims of having obtained credentials, or reports of critical discoveries that later turned out to be publicly available information. (The Register)