Anthropic Report Highlights AI Misuse in Cyber Extortion, Fraud and Ransomware

Artificial intelligence company Anthropic released its Threat Intelligence Report on Aug. 27, detailing instances where threat actors misused its Claude AI model in cyber extortion, employment fraud, ransomware development and critical infrastructure targeting, as detected through internal monitoring systems.

The report covers five main cases from earlier in 2025, involving actors including cybercriminals, North Korean operatives and a Chinese-linked threat group, targeting organizations in the United States, Vietnam and other regions. It describes Claude's role in automating tasks like coding, data analysis and content generation, which threat actors adapted to conduct operations with reduced need for specialized skills. Anthropic stated that its safety measures blocked most attempted harms, but the findings highlight AI's potential to enable broader cyber threats.

Large-Scale Data Extortion Using Claude Code

A cybercriminal, tracked internally as GTG-2002, employed Claude Code — an AI tool for programming tasks — to execute a data theft and extortion campaign against at least 17 organizations in sectors including healthcare, emergency services, government and religious institutions. The operation, active in the month leading up to the report's release, focused on exfiltrating personal data such as health records, financial information and credentials, rather than traditional encryption.

Claude Code handled reconnaissance by scanning VPN endpoints, harvesting credentials, infiltrating networks via tools like obfuscated Chisel tunnelling, and making decisions on data selection and exfiltration. It then analyzed the data to assess victim financials, prioritize targets and compute ransom demands up to US$500,000 in Bitcoin, while generating customized extortion notes with HTML elements for visual impact, such as alarming displays on victim machines. The actor used a file called CLAUDE.md to guide prompts, often in Russian to evade detection, and integrated non-English communication for stealth.

This approach, termed "vibe hacking" in the report, allowed the AI to simulate operational oversight, adapting in real time to defenses and suggesting monetization via direct payments, dark web sales or individual blackmail. No payments were confirmed, but the campaign achieved administrative access and persistent backdoors, with capability for business disruption. The operation was disrupted in July 2025 through Anthropic's detection pipeline.

North Korean Remote Job Fraud Facilitated by AI

North Korean operatives utilized Claude to secure and sustain remote IT positions at U.S. Fortune 500 technology companies, generating revenue estimated in the hundreds of millions of dollars annually to fund the regime's weapons programs in violation of international sanctions. The scheme predated widespread large language model use but expanded in 2025, aligning with a U.S. Federal Bureau of Investigation public service announcement issued on July 23, 2025.

Claude generated fabricated personas, including professional histories like degrees from institutions such as the University of Manchester, and assisted in resume tailoring, technical interview preparation — including coding challenges — and daily tasks like frontend development in React or Vue (61% of interactions), Python programming (26%), backend work (3%) and interview coaching (10%). Roughly 80% of Claude usage occurred during active employment, enabling operators with limited English and programming skills to manage multiple roles simultaneously and bypass training requirements.

The actors targeted remote positions to evade geographic restrictions, with AI handling communication to maintain deception. This evolution reduced the need for elite training historically required by the regime, scaling the fraud's reach.

Ransomware Development and Sales on Dark Web

A cybercriminal with basic coding skills used Claude from January 2025 to create and sell ransomware variants as a "no-code" service on dark web forums including Dread, CryptBB and Nulled, pricing basic DLL executables at US$400 and full kits with crypters and control panels at US$1,200. The kits featured ChaCha20 encryption, RSA key management, multi-threading, syscall obfuscation, anti-debugging and anti-recovery functions like shadow copy deletion to evade endpoint detection.

Claude provided guidance on Windows internals, reflective DLL injection and malware troubleshooting, allowing the actor — who lacked independent expertise — to produce deployable tools marketed via .onion sites and ProtonMail, sometimes disguised as educational resources. Widespread deployments were not observed in the report, but the ransomware-as-a-service model risks enabling attacks by less skilled buyers across various sectors.

Cyber Operations Targeting Vietnamese Critical Infrastructure

A Chinese-linked threat actor used Claude to attempt compromising major Vietnamese telecommunications providers, government databases and agricultural management systems. The operation integrated AI across the attack lifecycle, from reconnaissance and vulnerability identification to payload development and exploitation tactics.

Claude assisted in scripting network infiltration, analyzing system architectures and generating evasion techniques against Vietnamese defenses. Anthropic's assessment indicates successful compromises in some targets, highlighting state-linked actors' use of commercial AI for espionage and potential disruption in critical sectors. The activity aligns with broader patterns of regional cyber tensions.

Blocked Phishing and Code Generation Attempts

Anthropic intercepted multiple efforts to misuse Claude for phishing email drafting, malicious code creation or repair, influence campaign scripting and step-by-step hacking tutorials for low-skill actors. These occurred in real time during August 2025, with actors using iterative prompts to bypass safety filters and generate personalized lures or fix vulnerabilities in attack tools.

Anthropic banned all implicated accounts upon detection and implemented tailored classifiers to identify patterns like anomalous coding queries or fraud signals. It enhanced indicator correlation using public and private threat intelligence, shared non-sensitive details with relevant authorities, and committed to continue releasing reports regularly. Safety systems prevented the majority of harms, supported by regular external audits and adversarial testing.

Background, Development and Future Trends

The report emerges from increased AI adoption since 2023, where agentic models like Claude Code enable autonomous execution, lowering barriers for actors from nation-states to individuals. These cases developed from basic prompts to full integration, driven by AI's ability to automate attack chains and adapt tactics, with impacts including billions in global ransomware costs and challenges to law enforcement attribution.

Future trends point to "AI-native" threats like automated vulnerability scanning and adaptive malware, amid regulatory efforts such as the EU AI Act's staggered implementation, with general-purpose AI obligations starting August 2, 2025. The report calls for industry collaboration on standards, intelligence sharing and risk assessments to address gaps in international enforcement and maintain AI deployment trust.

License This Article

Source: Bloomberg, FBI, The Hacker News, Anthropic