惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Jina AI
Jina AI
宝玉的分享
宝玉的分享
Last Week in AI
Last Week in AI
Help Net Security
Help Net Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
人人都是产品经理
人人都是产品经理
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
GbyAI
GbyAI
博客园_首页
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
MongoDB | Blog
MongoDB | Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LINUX DO - 最新话题
PCI Perspectives
PCI Perspectives
博客园 - 三生石上(FineUI控件)
V2EX - 技术
V2EX - 技术
Spread Privacy
Spread Privacy
T
Tor Project blog
量子位
阮一峰的网络日志
阮一峰的网络日志
S
SegmentFault 最新的问题
小众软件
小众软件
博客园 - 叶小钗
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Blog — PlanetScale
Blog — PlanetScale
H
Help Net Security
Y
Y Combinator Blog
N
News | PayPal Newsroom
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Tenable Blog
Scott Helme
Scott Helme
G
GRAHAM CLULEY
大猫的无限游戏
大猫的无限游戏
aimingoo的专栏
aimingoo的专栏
IT之家
IT之家
Schneier on Security
Schneier on Security
F
Fortinet All Blogs
Martin Fowler
Martin Fowler
T
Threat Research - Cisco Blogs
博客园 - 司徒正美
Application and Cybersecurity Blog
Application and Cybersecurity Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Attack and Defense Labs
Attack and Defense Labs
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Last Watchdog
The Last Watchdog
L
LangChain Blog
C
Check Point Blog
Google Online Security Blog
Google Online Security Blog
V
Visual Studio Blog
Latest news
Latest news

Threat Intelligence – ThreatDown by Malwarebytes

Prinz Eugen ransomware: a deep dive into a new Go-based encryptor - ThreatDown by Malwarebytes CastleRAT attack first to abuse Deno JavaScript runtime to evade enterprise security Machine-scale cybercrime: The 2026 State of Malware report How to prevent a rootkit attack Inside EDR-Freeze: How ThreatDown stops the attack before it spreads EDR vs MDR vs XDR – What’s the Difference? KMSpico explained: No, KMS is not “kill Microsoft” When you shouldn’t trust a trusted root certificate - ThreatDown by Malwarebytes Ransomware in April 2025—RansomHub is gone Ransomware in March 2025
AI-orchestrated cyberattacks
ThreatDown Writer · 2025-12-18 · via Threat Intelligence – ThreatDown by Malwarebytes

Sophisticated attackers once struggled to scale. Now, experienced groups can scale by adding agents to their workforce, and inexperienced or under‑resourced groups can attempt large‑scale operations with AI support.

In the January release of our ThreatDown 2025 State of Malware report, we made a prediction: 2025 would be the year adversaries use AI agents to launch their first autonomous cyberattacks.

The reasoning was simple. Cybercriminals targeting businesses face a scale constraint. Every intrusion relies on human operators who know how to break into networks, navigate systems, extract data, and run extortion campaigns. Their growth is limited by the number of skilled people they can put on an operation. But as agentic AI became more capable at the end of 2024, that limitation suddenly looked negotiable. These systems can interpret environments, make decisions, and execute multi-step operations without waiting for human direction.

We didn’t have to wait long for confirmation.

In August 2025, Anthropic documented the first case of an AI coding agent, Claude Code, supporting scaled data extortion operations. A single cybercriminal used the AI to conduct reconnaissance, harvest credentials, and automate network penetration across multiple international targets. The report’s key finding: “A single operator can achieve the impact of an entire cybercriminal team through AI assistance.”

Then, in November 2025, Anthropic released details of a further escalation: the first reported AI-orchestrated cyber-espionage campaign. This time, AI didn’t simply assist. The system executed up to 90% of tactical operations autonomously, across 30 targets, with minimal human involvement.

The methodology matters more than the attribution. Yes, this operation targeted technology companies and government agencies. Yes, investigators linked it to state-sponsored actors. But those details are secondary. What matters for organizations defending their networks is this: AI-orchestrated cyberattacks are real, operational, and will become cheaper and more sophisticated.

From assistance to orchestration in four months

The August case showed AI as a force multiplier. The actor tracked as GTG‑2002 used Claude Code to automate reconnaissance, credential harvesting, data analysis, and ransom‑note generation across 17 organizations in a single month. The AI functioned as an advanced tool, fast and efficient, but still under direct supervision of an operator. This alone represented a major shift: what once required a coordinated intrusion crew could now be done by an individual.

The November campaign, designated GTG-1002, marked the next stage. Human operators selected targets and set strategy. Nearly all tactical activity, including scanning, exploitation, lateral movement, and data operations, ran autonomously across multiple Claude Code agents. The operator intervened only at strategic decision points: approving the move from reconnaissance to active exploitation, authorizing use of stolen credentials for lateral movement, and making final calls about data exfiltration scope.

The system ran operations at physically impossible speeds for humans. The AI executed thousands of requests per second and kept session context stable for days. This structure kept complex intrusions active for long periods without manual rebuilds or coordination.

Why this matters: The scaling problem is gone

A key finding from the investigation was that attackers did not rely on sophisticated malware. Instead, they used standard penetration testing tools linked to automation frameworks—exactly the playbook practiced by human attackers. The power came from orchestration, not specialized code.

Ransomware and espionage groups have always struggled with scale. Skilled operators are scarce. Coordinated, multi‑stage attacks require expertise and time. That limitation has defined the threat landscape for more than a decade. The dozens of active ransomware groups have rarely managed more than a few hundred attacks between them in a month.

AI agents remove this barrier. In the GTG‑1002 campaign, a single operator targeted roughly 30 entities, with investigations validating multiple successful intrusions supported by autonomous AI agents. The AI maintained separate contexts for each target, adapted strategies based on discovered infrastructure, and independently progressed through attack phases.

This is a structural shift in how attacks can be carried out, and as models improve, adoption will grow.

AI hallucination as the last short-term speed bump

Anthropic’s report highlights a constraint that shapes near‑term adoption. AI systems still make operational mistakes that human operators must correct. Claude overstated findings at times and occasionally fabricated data during autonomous operations, such as claiming to have obtained credentials that didn’t work.

This limitation matters because it defines the only real friction cybercriminals face today. It slows them down, but not by much, and the friction is shrinking quickly. As models improve, error rates will fall. The barrier that remains is temporary, and it will not slow adversary adoption of autonomous attack methods for long.

What comes next

Sophisticated attackers once struggled to scale. Now, experienced groups can scale by adding agents to their workforce, and inexperienced or under‑resourced groups can attempt large‑scale operations with AI support. GTG‑1002 shows how quickly autonomy escalates. The August operations kept humans firmly in the loop. The November campaign needed far less human involvement despite its larger scope.

ThreatDown predicted this development in early 2025, and it has already arrived. AI agents can now carry out significant portions of cyberattacks, and the cost curve continues to drop.

This is the inflection point the industry needs to acknowledge. AI‑orchestrated operations are becoming a practical option for a much larger set of threat actors, and the skills required to run campaigns are dropping fast.

For the time being, malicious agents are using the same playbooks as human attackers, so organizations need to adapt for more and faster attacks, but not for novel tactics. Defenders must be ready to respond immediately to an increasing volume of Endpoint Detection and Response alerts, day or night, using services like ThreatDown’s Managed Detection and Response.