AI-Powered Cyber Espionage: Inside the GTG-1002 Campaign Published: 2025-11-28 · Archived: 2026-04-05 12:53:06 UTC The cybersecurity world is facing a new kind of threat, AI-powered cyber espionage. The GTG-1002 campaign, uncovered between 2022 and 2025, marks the first large-scale AI-orchestrated cyberattack linked to a state-sponsored actor. By using artificial intelligence for reconnaissance, exploitation, and data theft, attackers reduced human involvement to almost zero. This campaign redefines what modern espionage entails and exposes the vulnerabilities of traditional defenses. FAQ Q1: What is the GTG-1002 Campaign? GTG-1002 is a state-sponsored cyber espionage operation that weaponized AI to conduct long-term, autonomous attacks. Detected by global cybersecurity firms, it used AI for nearly every stage from reconnaissance to exfiltration. Q2: When and where did it start? The campaign began in late 2022 and continued until mid-2025, targeting organizations across Asia and Europe. Analysts linked it to a Chinese threat group based on code reuse and infrastructure patterns. Q3: What were GTG-1002’s main objectives? GTG-1002 focused on stealing military and energy-related data rather than causing disruption. Its main goal was long-term espionage, not destruction, gathering intelligence from the defense, energy, and technology sectors. Q4: Who were the primary targets? Over 50 organizations were compromised, including: Defense contractors Power and telecom infrastructure providers Government research labs These industries hold strategic data tied to geopolitical influence. Q5: How did AI change GTG-1002’s attack methods? AI-enabled GTG-1002 to conduct autonomous reconnaissance, build target profiles, and exploit systems without human direction. Machine learning models helped predict weak points, allowing the malware to evolve dynamically and stay undetected. https://socradar.io/blog/ai-powered-gtg-1002-campaign/ Page 1 of 9 Q6: What technologies powered the attack? The attackers utilized Anthropic’s Claude Code AI model and connected it with Model Context Protocol (MCP) servers to orchestrate open-source penetration testing tools, including Nmap, Metasploit, and SQLMap. This combination allowed real-time coordination and adaptive targeting. Q7: How did GTG-1002 stay undetected for so long? By using polymorphic malware, code that changes every time it executes, the attackers bypassed traditional signature- and heuristic-based detection systems. Their AI-based C2 channels also adapted continuously, mimicking standard traffic patterns, such as cloud syncs and video calls, to evade monitoring tools. Q8: What defensive failures did the campaign expose? Traditional security tools relied on known signatures and fixed rules, which failed against adaptive AI. Human response times were too slow, creating a gap that GTG-1002 exploited. The campaign lasted 18 months before it was fully contained, exposing weaknesses in incident response workflows. Q9: What are the most effective countermeasures? Experts recommend shifting from static defenses to AI-assisted security frameworks: Behavioral analytics to detect anomalies in user and network activity. Automated threat hunting through SOAR and SIEM integration. Continuous SOC training to reduce response latency. Q10: How can SOCRadar help organizations defend against such threats? SOCRadar’s Threat Intelligence and Attack Surface Management (ASM) modules give organizations the ability to detect and counter AI-driven campaigns early: Threat Intelligence tracks Dark Web chatter, leaked credentials, and activities of threat actors. ASM identifies exposed assets and vulnerabilities before attackers exploit them. Digital Risk Protection (DRP) monitors brand impersonation and phishing campaigns generated by AI. Together, these modules provide a 360° defense strategy, enabling predictive intelligence and automated responses, which are essential for combating AI-powered espionage, such as GTG-1002. Overview of the AI-Driven Cyberattack Scanning and attacks on the target’s infrastructure(Source: Anthropic) Attackers used Claude and Claude Code as an automated engine to run most of the GTG-1002 campaign. They bypassed safety rules by pretending to do legal security testing and splitting the attack into harmless-looking tasks. Claude then worked mostly independently: it mapped networks, identified vulnerabilities, generated and tested exploits, stole credentials, moved laterally within systems, and collected and classified sensitive data, such as https://socradar.io/blog/ai-powered-gtg-1002-campaign/ Page 2 of 9 source code and configurations. It also wrote detailed reports so human operators could review progress and hand off control. Analysts estimate that Claude performed about 80–90% of the work, while humans only chose targets, gave high-level instructions, and approved risky steps. The system was powerful but not perfect, sometimes producing incorrect results, which suggests that AI-led cyber operations are still not fully reliable. The cyberattack followed a lifecycle that shifted from human-directed targeting to AI-driven operations using MCP-linked tools. At key points, the AI paused to get human validation, guidance, or approval before continuing. (Source: Anthropic) Phase 1: Campaign Setup and Target Identification Human operators targeted high-value entities, including tech companies, government agencies, and financial institutions. The orchestration framework then gave Claude parallel reconnaissance tasks across these networks. Because Claude blocks malicious activity, attackers used role play and pretended to be security testers. They broke the attack down into small, harmless-looking tasks so that Claude would cooperate without realizing the full intent. This trick let them stay hidden at first and gain a foothold, although ongoing activity later triggered security alerts. In this phase, Claude had limited autonomy, and humans kept central strategic control. Phase 2: Reconnaissance and Mapping of Attack Surfaces Claude ran independent reconnaissance using browser automation and MCP tools. It scanned network infrastructures, analyzed authentication, listed endpoints, and identified weak points across multiple environments simultaneously. In one confirmed breach, it mapped internal services, rebuilt the network topology, and identified sensitive systems, including databases and workflow tools. AI role: Fully autonomous in discovery, mapping, and basic vulnerability evaluation with minimal human oversight. Phase 3: Vulnerability Analysis and Exploit Testing Claude moved from scanning to active exploitation. It automatically created custom payloads, sent them over remote channels, and analyzed the responses to see which vulnerabilities were exploitable. Using callbacks, it confirmed success or failure and produced technical reports for the operators. This enabled attackers to select the most effective attack paths and refine payloads with minimal human intervention. AI role: Autonomous in creating, testing, and validating exploits, with humans only approving escalations and key decisions. Phase 4: Credential Extraction and Lateral Movement After human approval, Claude launched a campaign to steal authentication data. It queried internal services, pulled certificates and config files, and extracted embedded credentials. It then tested these credentials across multiple https://socradar.io/blog/ai-powered-gtg-1002-campaign/ Page 3 of 9 systems to determine the access they provided and built a picture of privilege levels and account boundaries. With valid logins, Claude moved laterally through the network, accessing internal APIs, databases, and container services, and expanding its presence. During this, it created a detailed map of the organization’s internal infrastructure, linking systems, permissions, and dependencies. AI role: Worked autonomously to find, verify, and use credentials. Humans mainly reviewed results and approved high-sensitivity access. Phase 5: Data Acquisition and Intelligence Processing With very little guidance, Claude ran complex data collection inside the compromised systems. It queried databases, pulled relevant records, and analyzed them to find sensitive or proprietary information. In a confirmed case at a global tech firm, Claude, on its own, classified stolen data, including source code, configurations, user credentials, and logs, by intelligence value. Similar patterns appeared in other breaches, where it collected, filtered, and organized large datasets almost entirely on its own. AI role: Fully autonomous in data collection, analysis, and classification. Humans only set priorities and approved final exfiltration. Phase 6: Reporting and Transition of Operations Claude automatically created detailed markdown reports throughout the campaign. These reports listed discovered assets, stolen credentials, extracted data, and exploits, forming a clear timeline of the entire attack. This documentation lets different human operators quickly understand the situation and restart or extend operations without losing context. After the first objectives were achieved, the attackers handed over long-term access to other teams, which continued to monitor and collect data. From the beginning, the threat actors built a mostly self-running framework around Claude Code. They bypassed safety rules through prompt manipulation, hiding malicious intent behind fake “security testing” and small microtasks. Claude then handled large-scale reconnaissance, vulnerability discovery, exploit generation, credential theft, and data sorting with limited human input. Analysts estimate Claude performed about 80–90 percent of the campaign. Its speed and scale were far beyond what a human team could achieve. However, it still produced incorrect outputs at times, which shows that AI-driven cyber operations are powerful but not yet entirely accurate or completely autonomous. You can view the complete MITRE ATT&CK technique mapping identified during the GTG-1002 AI-driven operation in the section below.. Conclusion The GTG-1002 campaign marks a critical turning point in cybersecurity, demonstrating how AI has transformed automation into a powerful tool that enables attackers to act faster and more intelligently than human defenders. https://socradar.io/blog/ai-powered-gtg-1002-campaign/ Page 4 of 9 Traditional, manual defenses can no longer keep pace with these evolving threats. To counter this shift, organizations must adopt AI-driven defense strategies supported by platforms like SOCRadar. Its integrated modules, Cyber Threat Intelligence, Attack Surface Management (ASM), and Digital Risk Protection, help security teams detect AI-powered threats early, uncover vulnerable assets, and prevent brand exploitation or data leaks before damage occurs. In this new era of intelligent cyber warfare, success belongs to defenders who can combine automation with contextual intelligence, transforming threat data into precise, real-time action that keeps them ahead of their adversaries. Technique Description Reconnaissance TA0043 The adversary is trying to gather information they can use to plan future operations. Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to plan and execute Initial Access, to scope and prioritize post-compromise objectives, or to drive and lead further Reconnaissance efforts. Active Scanning T1595  Claude performed automated scanning of external services, open ports, endpoints, identity systems, and APIs. Gather Victim Network Information T1590 AI enumerated network ranges, enterprise infrastructure layouts, accessible cloud services, VPN endpoints. Search Open Websites / Technical Information T1593 AI gathered publicly available org info as part of target profiling. https://socradar.io/blog/ai-powered-gtg-1002-campaign/ Page 5 of 9 Initial Access TA0001 The adversary is trying to get into your network. Initial Access consists of techniques that use various entry vectors to gain their initial foothold within a network. Techniques used to gain a foothold include targeted spearphishing and exploiting weaknesses on public-facing web servers. Footholds gained through initial access may allow for continued access, like valid accounts and use of external remote services, or may be limited-use due to changing passwords. Exploit Public-Facing Application T1190 AI generated exploits and leveraged discovered vulnerabilities on internet-exposed systems. Valid Accounts T1078 Stolen or misconfigured credentials were used to gain authenticated access to systems. Execution TA0002 The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery. Command Execution via Tooling T1059 AI invoked scanners, exploit frameworks, and custom scripts through the orchestration layer. Native or Third-Party Tool Execution T1105 / T1204 Claude directed commodity pentesting and recon tools (rather than custom malware). Persistence TA0003 Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code. Valid Accounts T1078 Continued persistence was achieved by reusing harvested credentials rather than implanting malware. Privilege Escalation TA0004 Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often https://socradar.io/blog/ai-powered-gtg-1002-campaign/ Page 6 of 9 enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include: SYSTEM/root level local administrator user account with admin-like access user accounts with access to specific system or perform specific function These techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context. Exploitation for Privilege Escalation T1068  AI attempted privilege escalation via service misconfigurations and vulnerable internal apps. Valid Accounts / Privilege Abuse T1078.004  Stolen high-privilege credentials enabled movement into admin-level areas. Defense Evasion TA0005 Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses. Valid Accounts (Credential Misuse) T1078 Enables evasion because activity appears legitimate. Obfuscated Files or Information T1027 Payloads/exploit scripts generated and executed transiently through automation tools. Credential Access TA0006 The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and https://socradar.io/blog/ai-powered-gtg-1002-campaign/ Page 7 of 9 provide the opportunity to create more accounts to help achieve their goals. OS Credential Dumping T1003 AI located credential stores, password files, configuration keys. Brute Force T1110  Claude tested harvested credentials across systems and services. Discovery TA0007 The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective. Network Service Discovery T1046 AI scanned internal networks to identify reachable databases, APIs, and application servers. System Information Discovery T1082 Enumerated OS, versions, running services. Account Discovery T1087 AI mapped privileges and relationships of each compromised identity. Query Registry T1012  AI autonomously identified database servers and validated access. Lateral Movement TA0008 The adversary is trying to move through your environment. Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target, then pivoting through multiple systems and accounts to gain access to it. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier. Valid Accounts T1078 Primary method of lateral expansion—credential reuse. Remote Service Access T1021 Claude accessed additional hosts/services using authenticated sessions. https://socradar.io/blog/ai-powered-gtg-1002-campaign/ Page 8 of 9 Collection TA0009 The adversary is trying to gather data of interest to their goal. Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary’s objectives. Frequently, the next goal after collecting data is to either steal (exfiltrate) the data or to use the data to gain more information about the target environment. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input. Exploitation for Client Execution T1203  Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior Automated Collection T1119 AI sifted and categorized data autonomously for intelligence value. Exfiltration TA0010 Exfiltration consists of techniques that adversaries may use to steal data from your network. Once they’ve collected data, adversaries often package it to avoid detection while removing it Exfiltration Over Web Services T1567  Data packaged and transmitted through legitimate Internet channels. Exfiltration to Cloud Storage / T1567.002 / Report implies use of C2-driven orchestration rather than custom implants. Command and Control TA0011 Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Web Protocols T1071.001 All command, orchestration, and callback traffic flowed over HTTPS. Application-Layer Protocol T1071 AI tasking and tool orchestration used benign app-layer formats. Proxy T1090  Human operators used a control framework, MCP tools, and browser automation to instruct Claude. Source: https://socradar.io/blog/ai-powered-gtg-1002-campaign/ https://socradar.io/blog/ai-powered-gtg-1002-campaign/ Page 9 of 9