Comment by barbazoo
4 days ago
It sounds like they built a malicious Claude Code client, is that right?
> The threat actor—whom we assess with high confidence was a Chinese state-sponsored group—manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.

They presumably still have to distribute the malware to the targets, making them download and install it, no?
No, they used Claude Code as a tool to automate and speed up their "hacking".
One time my co-worker got a scam call and it was an LLM talking to him.