Search TorNews

Find cybersecurity news, guides, and research articles

Popular searches:

Home » News » Cyber Threats » Hackers Used Claude Code and DeepSeek AI in Attacks on Government Systems, Researchers Say

Hackers Used Claude Code and DeepSeek AI in Attacks on Government Systems, Researchers Say

By:
Last updated:July 18, 2026
Human Written
  • Hackers used two AI models, Claude Code and DeepSeek-v4-pro, to automate attacks on government systems in Thailand, Afghanistan, and Taiwan.

  • The exposed server held over 2,400 files containing source code and operator logs, all written in Simplified Chinese.

  • The hackers also attacked financial institutions in Europe, Australia, and Asia. It confirmed that the credentials were of real employees.

Google Deploys Gemini AI Agents to Monitor Dark Web Threats for Businesses

Cybersecurity researchers from Hunt.io discovered an active intrusion campaign in June. They were investigating known TencShell C2 infrastructure when a single HTTP header fingerprint on port 1111 led them to a server cluster.

The trail ended at 13 Hong Kong-based servers spread across four hosting providers. One server had a wide-open directory containing 2,431 files and 80 subdirectories. Someone had left the digital door unlocked.

Inside the exposed folders sat victim source code, custom exploit scripts, operator logs and cloned login pages with notes written in Simplified Chinese. The attackers walked right in, and researchers walked right behind them.

AI Takes Center Stage in Chinese Cyber Attacks

It wasn’t the range of targets, but rather the tools behind the attacks, that distinguished this incident. Claude Code and DeepSeek-v4-pro were not just tools, but rather active participants in the attack.

In this case, the attackers divided the process among two different AI models. The weaponization of AI tools mirrors other incidents. The Anthropic code leaked on npm was exploited to spread malware.

Claude Code 2.1.165 was responsible for execution operations like running Bash commands, long sessions, parallelization of operations, and building phishing infrastructure.

DeepSeek-v4-pro handled strategic reasoning, developing scripts, choosing attack methods, and discovering new bypass strategies after failures of previous ones.

One of the recovered CLAUDE.md files included the instructions to create, test, and improve cloned phishing pages by using Claude Code automatically for multiple targets. The attack infrastructure went through the domestic LLM in China, while using Anthropic’s agentic execution infrastructure.

The attack operation is similar to Anthropic’s November 2025 disclosure of an operation by China that used Claude Code to conduct massive automated intrusions.

Government Systems are the Top Target

The attackers hit government systems across multiple countries. In Thailand, they used SQLMap to exploit a government administrative system through SQL injection. They gained access to the admin panel and hid a backdoor through a GIF file, allowing persistent command execution.

The stolen database held names and national ID numbers of government workers. It also contained their job titles. The directory contained 980 files referencing this system alone, suggesting a lengthy, focused operation. Test entries confirmed hands-on interactive access to the data.

In Afghanistan, the attackers compromised a web application for citizen complaints. They stole source code, mail infrastructure code, encryption keys, and database credentials from a Laravel 5.8.38 installation. Also, the attackers used those credentials to build a custom exploit targeting Laravel’s weaknesses.

Six distinct versions of the complaint submission form appeared in the directory. For state-sponsored actors, having direct access to a channel where people share grievances against the government is a valuable intelligence prize.

In Taiwan, the hackers mapped out and fingerprinted eight organizations in the supply chain and defense sectors. They successfully broke into two of them. A chemical manufacturer fell to an SQL injection attack.

In addition, a telecom company fell after hackers found Azure Logic App tokens and hardcoded  Supabase keys in public JavaScript files. Those keys gave them direct access to cloud infrastructure accounts.

The attackers use a reconnaissance script to scan these organizations. This script tried to find domain names through  DNS brute-forcing. It ran certificate transparency queries and used HTTP service fingerprinting to figure out what web services each target used. Their main targets were GitLab instances, VPN gateways, and Jira environments.

Financial Firms Also Took a Hit

A parallel campaign hit financial services firms across Europe, Australia, and Asia. A CORS exploit page on one of the attacker-controlled servers extracted WordPress admin credentials from a large payment processing platform.

LinkedIn cross-referencing confirmed that the extracted account names belonged to real employees of the company. The attackers verified their stolen credentials worked in the real world.

US Targets Appeared in Early Stages

The United States showed up in early scanning activity but not as a confirmed cyber breach. NASA hosts ngis.nasa.gov and launchpad.nasa.gov, which appeared in network scans. The attackers didn’t pursue them further.

Researchers found cloned pages impersonating the D.C. Council. They also found a fake page for Delaware County, Pennsylvania. The D.C. The WordPress admin page was fully built. The homepage still had missing images.

Experts believe targeting mid-tier government bodies matches known intelligence priorities. These include procurement and policy visibility.

The Infrastructure Behind It All

The 13 servers are all in Hong Kong. They spread across four hosting providers: VMISS Inc., CTG Server Limited, MEGA-II IDC, and Antbox Networks Limited. Three servers have the same SSH host key fingerprints. These servers ran identical ARL reconnaissance software serving the same default TLS certificate, with fields pointing to Shanghai.

Additionally, two servers in the cluster presented certificates identifying as “Gshell C2,” a previously undocumented C&C framework. Because these two servers overlay with the TencShell cluster, Hunt.io believes that Gshell is a second C2 framework operated in parallel by the same actors.

The malware recovered was a previously unreported Linux binary. It communicates back to the main server over WebSocket. It can steal Tencent QQ messaging credentials, cloud service access keys, and enterprise platform tokens.

A separate Linux version uses obfuscation tools. However, both versions share an identical 80-byte encryption key. This suggests a shared codebase across different systems. 

What this Means Going Forward

This attack reflects an advanced skill set. The hackers created custom exploits for a particular software version. They created malware that can operate on various computer architectures. Also, they used artificial intelligence to aid in the process of the attack. The visible signs, such as Simplified Chinese in code and documentation, concentration of infrastructure in Hong Kong, and targeting of multiple continents, are typical of China-based threat actors.

Hunt.io disclosed this threat to affected organizations and national CERTs on July 6, 2026. The whole set of indicators, including file hashes and network infrastructure, is available in the original report.

This discovery confirms that AI-enabled cyber attacks are not experimental anymore. This technique is already in use now on a wide scale, targeting governments and financial institutions all around the world. What matters now is not if attackers will use this approach again, but who will be the next target.

Share this article

About the Author

Joahn G

Joahn G

Cyber Threat Journalist

Joahn is a cyber threat journalist dedicated to tracking the evolving landscape of digital risks. His reporting focuses on ransomware gangs, data breach incidents, and state-sponsored cyber operations. By analyzing threat actor motives and tactics, he provides timely intelligence that helps readers understand and anticipate the security challenges of tomorrow.

View all posts by Joahn G >
Comments (0)

No comments.