{
	"id": "170b32b2-c1d3-4cfa-9dae-67676d83ebc9",
	"created_at": "2026-04-06T00:13:07.733478Z",
	"updated_at": "2026-04-10T03:36:00.918Z",
	"deleted_at": null,
	"sha1_hash": "7b8664219a16da699b4a2a98ddfd54eaecf3963a",
	"title": "AI-Powered Cyber Espionage: Inside the GTG-1002 Campaign",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 78920,
	"plain_text": "AI-Powered Cyber Espionage: Inside the GTG-1002 Campaign\r\nPublished: 2025-11-28 · Archived: 2026-04-05 12:53:06 UTC\r\nThe cybersecurity world is facing a new kind of threat, AI-powered cyber espionage. The GTG-1002 campaign,\r\nuncovered between 2022 and 2025, marks the first large-scale AI-orchestrated cyberattack linked to a state-sponsored actor. By using artificial intelligence for reconnaissance, exploitation, and data theft, attackers reduced\r\nhuman involvement to almost zero. This campaign redefines what modern espionage entails and exposes the\r\nvulnerabilities of traditional defenses.\r\nFAQ\r\nQ1: What is the GTG-1002 Campaign?\r\nGTG-1002 is a state-sponsored cyber espionage operation that weaponized AI to conduct long-term, autonomous\r\nattacks. Detected by global cybersecurity firms, it used AI for nearly every stage from reconnaissance to\r\nexfiltration.\r\nQ2: When and where did it start?\r\nThe campaign began in late 2022 and continued until mid-2025, targeting organizations across Asia and Europe.\r\nAnalysts linked it to a Chinese threat group based on code reuse and infrastructure patterns.\r\nQ3: What were GTG-1002’s main objectives?\r\nGTG-1002 focused on stealing military and energy-related data rather than causing disruption. Its main goal was\r\nlong-term espionage, not destruction, gathering intelligence from the defense, energy, and technology sectors.\r\nQ4: Who were the primary targets?\r\nOver 50 organizations were compromised, including:\r\nDefense contractors\r\nPower and telecom infrastructure providers\r\nGovernment research labs\r\nThese industries hold strategic data tied to geopolitical influence.\r\nQ5: How did AI change GTG-1002’s attack methods?\r\nAI-enabled GTG-1002 to conduct autonomous reconnaissance, build target profiles, and exploit systems without\r\nhuman direction. Machine learning models helped predict weak points, allowing the malware to evolve\r\ndynamically and stay undetected.\r\nhttps://socradar.io/blog/ai-powered-gtg-1002-campaign/\r\nPage 1 of 9\n\nQ6: What technologies powered the attack?\r\nThe attackers utilized Anthropic’s Claude Code AI model and connected it with Model Context Protocol (MCP)\r\nservers to orchestrate open-source penetration testing tools, including Nmap, Metasploit, and SQLMap.\r\nThis combination allowed real-time coordination and adaptive targeting.\r\nQ7: How did GTG-1002 stay undetected for so long?\r\nBy using polymorphic malware, code that changes every time it executes, the attackers bypassed traditional\r\nsignature- and heuristic-based detection systems. Their AI-based C2 channels also adapted continuously,\r\nmimicking standard traffic patterns, such as cloud syncs and video calls, to evade monitoring tools.\r\nQ8: What defensive failures did the campaign expose?\r\nTraditional security tools relied on known signatures and fixed rules, which failed against adaptive AI.\r\nHuman response times were too slow, creating a gap that GTG-1002 exploited. The campaign lasted 18 months\r\nbefore it was fully contained, exposing weaknesses in incident response workflows.\r\nQ9: What are the most effective countermeasures?\r\nExperts recommend shifting from static defenses to AI-assisted security frameworks:\r\nBehavioral analytics to detect anomalies in user and network activity.\r\nAutomated threat hunting through SOAR and SIEM integration.\r\nContinuous SOC training to reduce response latency.\r\nQ10: How can SOCRadar help organizations defend against such threats?\r\nSOCRadar’s Threat Intelligence and Attack Surface Management (ASM) modules give organizations the\r\nability to detect and counter AI-driven campaigns early:\r\nThreat Intelligence tracks Dark Web chatter, leaked credentials, and activities of threat actors.\r\nASM identifies exposed assets and vulnerabilities before attackers exploit them.\r\nDigital Risk Protection (DRP) monitors brand impersonation and phishing campaigns generated by AI.\r\nTogether, these modules provide a 360° defense strategy, enabling predictive intelligence and automated\r\nresponses, which are essential for combating AI-powered espionage, such as GTG-1002.\r\nOverview of the AI-Driven Cyberattack\r\nScanning and attacks on the target’s infrastructure(Source: Anthropic)\r\nAttackers used Claude and Claude Code as an automated engine to run most of the GTG-1002 campaign. They\r\nbypassed safety rules by pretending to do legal security testing and splitting the attack into harmless-looking tasks.\r\nClaude then worked mostly independently: it mapped networks, identified vulnerabilities, generated and tested\r\nexploits, stole credentials, moved laterally within systems, and collected and classified sensitive data, such as\r\nhttps://socradar.io/blog/ai-powered-gtg-1002-campaign/\r\nPage 2 of 9\n\nsource code and configurations. It also wrote detailed reports so human operators could review progress and hand\r\noff control.\r\nAnalysts estimate that Claude performed about 80–90% of the work, while humans only chose targets, gave high-level instructions, and approved risky steps. The system was powerful but not perfect, sometimes producing\r\nincorrect results, which suggests that AI-led cyber operations are still not fully reliable.\r\nThe cyberattack followed a lifecycle that shifted from human-directed targeting to AI-driven operations using\r\nMCP-linked tools. At key points, the AI paused to get human validation, guidance, or approval before continuing.\r\n(Source: Anthropic)\r\nPhase 1: Campaign Setup and Target Identification\r\nHuman operators targeted high-value entities, including tech companies, government agencies, and financial\r\ninstitutions. The orchestration framework then gave Claude parallel reconnaissance tasks across these networks.\r\nBecause Claude blocks malicious activity, attackers used role play and pretended to be security testers. They broke\r\nthe attack down into small, harmless-looking tasks so that Claude would cooperate without realizing the full\r\nintent.\r\nThis trick let them stay hidden at first and gain a foothold, although ongoing activity later triggered security alerts.\r\nIn this phase, Claude had limited autonomy, and humans kept central strategic control.\r\nPhase 2: Reconnaissance and Mapping of Attack Surfaces\r\nClaude ran independent reconnaissance using browser automation and MCP tools. It scanned network\r\ninfrastructures, analyzed authentication, listed endpoints, and identified weak points across multiple environments\r\nsimultaneously. In one confirmed breach, it mapped internal services, rebuilt the network topology, and identified\r\nsensitive systems, including databases and workflow tools.\r\nAI role: Fully autonomous in discovery, mapping, and basic vulnerability evaluation with minimal human\r\noversight.\r\nPhase 3: Vulnerability Analysis and Exploit Testing\r\nClaude moved from scanning to active exploitation. It automatically created custom payloads, sent them over\r\nremote channels, and analyzed the responses to see which vulnerabilities were exploitable.\r\nUsing callbacks, it confirmed success or failure and produced technical reports for the operators. This enabled\r\nattackers to select the most effective attack paths and refine payloads with minimal human intervention.\r\nAI role: Autonomous in creating, testing, and validating exploits, with humans only approving escalations and key\r\ndecisions.\r\nPhase 4: Credential Extraction and Lateral Movement\r\nAfter human approval, Claude launched a campaign to steal authentication data. It queried internal services, pulled\r\ncertificates and config files, and extracted embedded credentials. It then tested these credentials across multiple\r\nhttps://socradar.io/blog/ai-powered-gtg-1002-campaign/\r\nPage 3 of 9\n\nsystems to determine the access they provided and built a picture of privilege levels and account boundaries.\r\nWith valid logins, Claude moved laterally through the network, accessing internal APIs, databases, and container\r\nservices, and expanding its presence. During this, it created a detailed map of the organization’s internal\r\ninfrastructure, linking systems, permissions, and dependencies.\r\nAI role: Worked autonomously to find, verify, and use credentials. Humans mainly reviewed results and approved\r\nhigh-sensitivity access.\r\nPhase 5: Data Acquisition and Intelligence Processing\r\nWith very little guidance, Claude ran complex data collection inside the compromised systems. It queried\r\ndatabases, pulled relevant records, and analyzed them to find sensitive or proprietary information.\r\nIn a confirmed case at a global tech firm, Claude, on its own, classified stolen data, including source code,\r\nconfigurations, user credentials, and logs, by intelligence value. Similar patterns appeared in other breaches,\r\nwhere it collected, filtered, and organized large datasets almost entirely on its own.\r\nAI role: Fully autonomous in data collection, analysis, and classification. Humans only set priorities and approved\r\nfinal exfiltration.\r\nPhase 6: Reporting and Transition of Operations\r\nClaude automatically created detailed markdown reports throughout the campaign. These reports listed discovered\r\nassets, stolen credentials, extracted data, and exploits, forming a clear timeline of the entire attack. This\r\ndocumentation lets different human operators quickly understand the situation and restart or extend operations\r\nwithout losing context.\r\nAfter the first objectives were achieved, the attackers handed over long-term access to other teams, which\r\ncontinued to monitor and collect data.\r\nFrom the beginning, the threat actors built a mostly self-running framework around Claude Code. They bypassed\r\nsafety rules through prompt manipulation, hiding malicious intent behind fake “security testing” and small\r\nmicrotasks. Claude then handled large-scale reconnaissance, vulnerability discovery, exploit generation, credential\r\ntheft, and data sorting with limited human input.\r\nAnalysts estimate Claude performed about 80–90 percent of the campaign. Its speed and scale were far beyond\r\nwhat a human team could achieve. However, it still produced incorrect outputs at times, which shows that AI-driven cyber operations are powerful but not yet entirely accurate or completely autonomous.\r\nYou can view the complete MITRE ATT\u0026CK technique mapping identified during the GTG-1002 AI-driven\r\noperation in the section below..\r\nConclusion\r\nThe GTG-1002 campaign marks a critical turning point in cybersecurity, demonstrating how AI has transformed\r\nautomation into a powerful tool that enables attackers to act faster and more intelligently than human defenders.\r\nhttps://socradar.io/blog/ai-powered-gtg-1002-campaign/\r\nPage 4 of 9\n\nTraditional, manual defenses can no longer keep pace with these evolving threats.\r\nTo counter this shift, organizations must adopt AI-driven defense strategies supported by platforms like\r\nSOCRadar. Its integrated modules, Cyber Threat Intelligence, Attack Surface Management (ASM), and\r\nDigital Risk Protection, help security teams detect AI-powered threats early, uncover vulnerable assets, and\r\nprevent brand exploitation or data leaks before damage occurs.\r\nIn this new era of intelligent cyber warfare, success belongs to defenders who can combine automation with\r\ncontextual intelligence, transforming threat data into precise, real-time action that keeps them ahead of their\r\nadversaries.\r\nTechnique Description\r\nReconnaissance TA0043\r\nThe adversary is trying to gather information they can use to plan future\r\noperations.\r\nReconnaissance consists of techniques that involve adversaries actively\r\nor passively gathering information that can be used to support targeting.\r\nSuch information may include details of the victim organization,\r\ninfrastructure, or staff/personnel. This information can be leveraged by\r\nthe adversary to aid in other phases of the adversary lifecycle, such as\r\nusing gathered information to plan and execute Initial Access, to scope\r\nand prioritize post-compromise objectives, or to drive and lead further\r\nReconnaissance efforts.\r\nActive Scanning T1595 \r\nClaude performed automated scanning of external services, open ports,\r\nendpoints, identity systems, and APIs.\r\nGather Victim\r\nNetwork\r\nInformation\r\nT1590\r\nAI enumerated network ranges, enterprise infrastructure layouts,\r\naccessible cloud services, VPN endpoints.\r\nSearch Open\r\nWebsites /\r\nTechnical\r\nInformation\r\nT1593 AI gathered publicly available org info as part of target profiling.\r\nhttps://socradar.io/blog/ai-powered-gtg-1002-campaign/\r\nPage 5 of 9\n\nInitial Access TA0001\r\nThe adversary is trying to get into your network.\r\nInitial Access consists of techniques that use various entry vectors to\r\ngain their initial foothold within a network. Techniques used to gain a\r\nfoothold include targeted spearphishing and exploiting weaknesses on\r\npublic-facing web servers. Footholds gained through initial access may\r\nallow for continued access, like valid accounts and use of external\r\nremote services, or may be limited-use due to changing passwords.\r\nExploit Public-Facing\r\nApplication\r\nT1190\r\nAI generated exploits and leveraged discovered vulnerabilities on\r\ninternet-exposed systems.\r\nValid Accounts T1078\r\nStolen or misconfigured credentials were used to gain authenticated\r\naccess to systems.\r\nExecution TA0002\r\nThe adversary is trying to run malicious code.\r\nExecution consists of techniques that result in adversary-controlled code\r\nrunning on a local or remote system. Techniques that run malicious\r\ncode are often paired with techniques from all other tactics to achieve\r\nbroader goals, like exploring a network or stealing data. For example,\r\nan adversary might use a remote access tool to run a PowerShell script\r\nthat does Remote System Discovery.\r\nCommand\r\nExecution via\r\nTooling\r\nT1059\r\nAI invoked scanners, exploit frameworks, and custom scripts through\r\nthe orchestration layer.\r\nNative or Third-Party Tool\r\nExecution\r\nT1105 /\r\nT1204\r\nClaude directed commodity pentesting and recon tools (rather than\r\ncustom malware).\r\nPersistence TA0003\r\nPersistence consists of techniques that adversaries use to keep access to\r\nsystems across restarts, changed credentials, and other interruptions that\r\ncould cut off their access. Techniques used for persistence include any\r\naccess, action, or configuration changes that let them maintain their\r\nfoothold on systems, such as replacing or hijacking legitimate code or\r\nadding startup code.\r\nValid Accounts T1078\r\nContinued persistence was achieved by reusing harvested credentials\r\nrather than implanting malware.\r\nPrivilege\r\nEscalation\r\nTA0004 Privilege Escalation consists of techniques that adversaries use to gain\r\nhigher-level permissions on a system or network. Adversaries can often\r\nhttps://socradar.io/blog/ai-powered-gtg-1002-campaign/\r\nPage 6 of 9\n\nenter and explore a network with unprivileged access but require\r\nelevated permissions to follow through on their objectives. Common\r\napproaches are to take advantage of system weaknesses,\r\nmisconfigurations, and vulnerabilities. Examples of elevated access\r\ninclude:\r\nSYSTEM/root level\r\nlocal administrator\r\nuser account with admin-like access\r\nuser accounts with access to specific system or perform specific\r\nfunction\r\nThese techniques often overlap with Persistence techniques, as OS\r\nfeatures that let an adversary persist can execute in an elevated context.\r\nExploitation for\r\nPrivilege\r\nEscalation\r\nT1068 \r\nAI attempted privilege escalation via service misconfigurations and\r\nvulnerable internal apps.\r\nValid Accounts /\r\nPrivilege Abuse\r\nT1078.004 \r\nStolen high-privilege credentials enabled movement into admin-level\r\nareas.\r\nDefense Evasion TA0005\r\nDefense Evasion consists of techniques that adversaries use to avoid\r\ndetection throughout their compromise. Techniques used for defense\r\nevasion include uninstalling/disabling security software or\r\nobfuscating/encrypting data and scripts. Adversaries also leverage and\r\nabuse trusted processes to hide and masquerade their malware. Other\r\ntactics’ techniques are cross-listed here when those techniques include\r\nthe added benefit of subverting defenses.\r\nValid Accounts\r\n(Credential\r\nMisuse)\r\nT1078 Enables evasion because activity appears legitimate.\r\nObfuscated Files\r\nor Information\r\nT1027\r\nPayloads/exploit scripts generated and executed transiently through\r\nautomation tools.\r\nCredential Access TA0006 The adversary is trying to steal account names and passwords.\r\nCredential Access consists of techniques for stealing credentials like\r\naccount names and passwords. Techniques used to get credentials\r\ninclude keylogging or credential dumping. Using legitimate credentials\r\ncan give adversaries access to systems, make them harder to detect, and\r\nhttps://socradar.io/blog/ai-powered-gtg-1002-campaign/\r\nPage 7 of 9\n\nprovide the opportunity to create more accounts to help achieve their\r\ngoals.\r\nOS Credential\r\nDumping\r\nT1003 AI located credential stores, password files, configuration keys.\r\nBrute Force T1110  Claude tested harvested credentials across systems and services.\r\nDiscovery TA0007\r\nThe adversary is trying to figure out your environment.\r\nDiscovery consists of techniques an adversary may use to gain\r\nknowledge about the system and internal network. These techniques\r\nhelp adversaries observe the environment and orient themselves before\r\ndeciding how to act. They also allow adversaries to explore what they\r\ncan control and what’s around their entry point in order to discover how\r\nit could benefit their current objective. Native operating system tools\r\nare often used toward this post-compromise information-gathering\r\nobjective.\r\nNetwork Service\r\nDiscovery\r\nT1046\r\nAI scanned internal networks to identify reachable databases, APIs, and\r\napplication servers.\r\nSystem\r\nInformation\r\nDiscovery\r\nT1082 Enumerated OS, versions, running services.\r\nAccount\r\nDiscovery\r\nT1087 AI mapped privileges and relationships of each compromised identity.\r\nQuery Registry T1012  AI autonomously identified database servers and validated access.\r\nLateral Movement TA0008\r\nThe adversary is trying to move through your environment.\r\nLateral Movement consists of techniques that adversaries use to enter\r\nand control remote systems on a network. Following through on their\r\nprimary objective often requires exploring the network to find their\r\ntarget, then pivoting through multiple systems and accounts to gain\r\naccess to it. Adversaries might install their own remote access tools to\r\naccomplish Lateral Movement or use legitimate credentials with native\r\nnetwork and operating system tools, which may be stealthier.\r\nValid Accounts T1078 Primary method of lateral expansion—credential reuse.\r\nRemote Service\r\nAccess\r\nT1021 Claude accessed additional hosts/services using authenticated sessions.\r\nhttps://socradar.io/blog/ai-powered-gtg-1002-campaign/\r\nPage 8 of 9\n\nCollection TA0009\r\nThe adversary is trying to gather data of interest to their goal.\r\nCollection consists of techniques adversaries may use to gather\r\ninformation and the sources information is collected from that are\r\nrelevant to following through on the adversary’s objectives. Frequently,\r\nthe next goal after collecting data is to either steal (exfiltrate) the data or\r\nto use the data to gain more information about the target environment.\r\nCommon target sources include various drive types, browsers, audio,\r\nvideo, and email. Common collection methods include capturing\r\nscreenshots and keyboard input.\r\nExploitation for\r\nClient Execution\r\nT1203 \r\nAdversaries may exploit software vulnerabilities in client applications\r\nto execute code. Vulnerabilities can exist in software due to unsecure\r\ncoding practices that can lead to unanticipated behavior\r\nAutomated\r\nCollection\r\nT1119 AI sifted and categorized data autonomously for intelligence value.\r\nExfiltration TA0010\r\nExfiltration consists of techniques that adversaries may use to steal data\r\nfrom your network. Once they’ve collected data, adversaries often\r\npackage it to avoid detection while removing it\r\nExfiltration Over\r\nWeb Services\r\nT1567  Data packaged and transmitted through legitimate Internet channels.\r\nExfiltration to\r\nCloud Storage /\r\nT1567.002\r\n/\r\nReport implies use of C2-driven orchestration rather than custom\r\nimplants.\r\nCommand and\r\nControl\r\nTA0011\r\nCommand and Control consists of techniques that adversaries may use\r\nto communicate with systems under their control within a victim\r\nnetwork.\r\nWeb Protocols T1071.001 All command, orchestration, and callback traffic flowed over HTTPS.\r\nApplication-Layer\r\nProtocol\r\nT1071 AI tasking and tool orchestration used benign app-layer formats.\r\nProxy T1090 \r\nHuman operators used a control framework, MCP tools, and browser\r\nautomation to instruct Claude.\r\nSource: https://socradar.io/blog/ai-powered-gtg-1002-campaign/\r\nhttps://socradar.io/blog/ai-powered-gtg-1002-campaign/\r\nPage 9 of 9",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://socradar.io/blog/ai-powered-gtg-1002-campaign/"
	],
	"report_names": [
		"ai-powered-gtg-1002-campaign"
	],
	"threat_actors": [
		{
			"id": "0a125f6e-778c-43a5-b737-62d1212b77e6",
			"created_at": "2026-01-22T02:00:03.671919Z",
			"updated_at": "2026-04-10T02:00:03.923221Z",
			"deleted_at": null,
			"main_name": "GTG-1002",
			"aliases": [],
			"source_name": "MISPGALAXY:GTG-1002",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434387,
	"ts_updated_at": 1775792160,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7b8664219a16da699b4a2a98ddfd54eaecf3963a.pdf",
		"text": "https://archive.orkl.eu/7b8664219a16da699b4a2a98ddfd54eaecf3963a.txt",
		"img": "https://archive.orkl.eu/7b8664219a16da699b4a2a98ddfd54eaecf3963a.jpg"
	}
}