AI/ML

Chinese actors leverage AI tools for automated cyberattacks on government and financial systems

China Flag Made of Binary Code and Chinese Symbols on Red Backgr

Per Security Affairs, researchers have uncovered an extensive cyberespionage campaign orchestrated by Chinese actors who are utilizing advanced AI tools, specifically Claude Code and DeepSeek, to automate sophisticated attacks targeting government systems and financial institutions.

Hunt.io researchers discovered the intrusion campaign in June 2026, identifying 13 Hong Kong-based servers containing victim source code, exploit scripts, and operator logs. The attackers employed Claude Code and DeepSeek-v4-pro as integral components of their operations, using them for reasoning on bypass techniques, reworking exploits, and generating phishing pages. The campaign targeted government entities in Thailand, Afghanistan, and Taiwan, as well as financial services firms across Europe, Australia, and Asia.

In Thailand, a government administrative system was compromised via SQL injection, leading to the exfiltration of employee data. Afghanistan's government saw a citizen complaint system breached, exposing sensitive credentials and code. Taiwan experienced attacks on supply chain and defense-adjacent sectors, including a chemical manufacturer and a telecom firm. The U.S. was observed in earlier reconnaissance stages. The financial sector attacks involved exploiting a payment processing platform to steal WordPress administrator credentials.

The infrastructure, hosted by four Hong Kong providers, utilized a previously undocumented C2 framework called Gshell. The malware, a Linux binary, is capable of extracting credentials and tokens from messaging and cloud services. The campaign demonstrates intermediate-to-advanced capabilities, including custom exploit development and multi-platform malware, consistent with China-based threat actor activity.

Source: Security Affairs

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds