Anthropic, the company behind the Claude chatbot, has revealed how a cybercriminal with only basic coding skills used Claude to run a rewarding illegal operation, getting the chatbot to do everything from finding targets to writing ransom notes.
In a Threat Intelligence Report for August, Anthropic revealed multiple cases of Claude being misused, including a fake employment scheme from North Korea as well as a large-scale extortion operation using Claude Code, an AI-powered coding tool. The operation to use Claude to run a large-scale data extortion racket, however, stands out because it demonstrates how easy it is for someone who is not very skilled in technology to use AI tools to wreak havoc on businesses.
While Anthropic has not revealed the names of the companies targeted by the hacker, the report says he/she targeted at least 17 organisations in sectors ranging from healthcare and government to emergency services as well as religious institutions. The hacker threatened to expose the stolen data publicly in order to try and extort victims into coughing up ransoms that exceeded $500,000. Usually, cybercriminals encrypt stolen data with ransomware.
According to the AI company, “Claude Code was used to automate reconnaissance, harvesting victims’ credentials, and penetrating networks. Claude was allowed to make both tactical and strategic decisions, such as deciding which data to exfiltrate, and how to craft psychologically targeted extortion demands. Claude analysed the exfiltrated financial data to determine appropriate ransom amounts as well as generated visually alarming ransom notes that were displayed on victim machines.”
The Threat Intelligence Report explains that the operation shows that agentic AI tools are being used to provide both technical advice and active operational support for attacks that would otherwise have required a team of operators.
Another cybercriminal used Claude to build and then distribute ransomware packages with advance evasion capabilities, encryption, and anti-recovery mechanisms. According to the company, these packages were sold on the Internet to other malicious actors for amounts ranging from $400 to $1200. The cybercriminal used Claude to implement and troubleshoot components, without which their malware may have been of an inferior quality.
In the , Anthropic has detailed the action taken by the company to prevent such abuse of the Claude AI tool.
Another fraud discovered by Anthropic showed how hackers from North Korea used Claude to create elaborate false identities to secure and then stay employed at remote jobs in Fortune 500 companies.
Click Here For The Original Source.
