AI-Powered Espionage: Chinese Hackers Blend DeepSeek and Claude Code

A single misconfigured server in Hong Kong led researchers to a sprawling digital heist: 2,431 files across 80 directories, spanning stolen source code, phishing templates, and operator logs written in Simplified Chinese. But what made this breach stand out wasn’t just its scale—it was the tooling. Threat actors wielded two advanced AI models, DeepSeek-v4-pro and Claude Code 2.1.165, as core components of their intrusion, automating everything from script generation to credential harvesting.
From Planning to Execution: AI as a Dual-Edged Sword
Hunt.io researchers stumbled upon the campaign in June 2026 while tracking TencShell command-and-control infrastructure. What they found was a division of labor between two AI systems. DeepSeek-v4-pro took the lead in strategic planning: it generated attack scripts, selected techniques, and adapted when earlier attempts failed. Meanwhile, Claude Code 2.1.165 handled execution, running Bash commands, managing parallel sessions, and spinning up phishing pages. According to the report, a recovered file called CLAUDE.md even instructed the AI to automatically create, test, and refine cloned login portals for multiple targets.
The campaign mirrors a November 2025 disclosure by Anthropic, which detailed a China-linked operation using Claude Code to automate large-scale intrusions. This suggests a growing trend: threat actors are integrating commercial AI tools into their toolkits, leveraging their reasoning and automation capabilities to accelerate attacks. Session logs confirmed the same infrastructure was reused across campaigns targeting different regions, with Taiwan-specific operations isolated in dedicated directories.
A Glimpse into Operational Tactics
In Thailand, attackers exploited a government system via SQL injection, gaining access to an administrative panel and deploying a GIF-staged web shell for persistence. The exfiltrated data included names, national ID numbers, and job titles of public employees—980 files alone referenced this breach. In Afghanistan, a citizen complaint web app was compromised, with attackers leaving test entries confirming interactive access to the data.
The recovered artifacts paint a picture of meticulous, AI-assisted operations, where models not only execute commands but also refine attacks in real time. The servers hosting this infrastructure remained active as recently as June 18–19, 2026, underscoring the sustained nature of the campaign.
Why it matters
This isn’t just another cyber espionage campaign—it signals a shift in how threat actors operationalize AI. By combining Chinese domestic and Western-developed models, attackers are reducing manual effort while increasing adaptability, making defenses harder to keep up. For defenders, the lesson is clear: AI-driven threats require AI-driven detection. The line between offensive and defensive AI is blurring, and organizations must treat these tools as dual-use assets in the cyber arms race. The next frontier of security may depend less on human analysts alone and more on how well systems can anticipate AI-powered adversaries.
Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.

