AI-assisted intrusions in government networks show how frontier models are changing cyber espionage
Researchers found an active Chinese intrusion campaign that used Claude Code and DeepSeek to automate parts of espionage operations against government systems and financial firms. The operators were linked to TencShell infrastructure and reportedly used the models to help with execution, session persistence, and reasoning across multiple stages of the intrusion. Evidence from recovered logs suggested attacks in Afghanistan, Thailand, and Taiwan, plus reconnaissance against U.S. portals and targeting of financial services in several regions. The story matters because it moves the AI-security debate from theory to operational use by an advanced actor. It also suggests that large language models can shorten the time between reconnaissance, exploitation, and follow-on activity. For defenders, this is a warning that AI-enabled adversaries can scale faster and with less technical friction than traditional teams expected.
Sources
- Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign — Security Affairs
- 🇨🇳 Suspected Chinese Operators Use Claude Code and DeepSeek to Breach Government Systems Across Four Countries — /r/cybersecurity
- 🇨🇳 One header fingerprint pivoted to 13 Hong Kong servers across 4 ASNs, government and financial targeting across several regions — threat intelligence


Leave a Reply