Chinese cyberattack hijacks artificial intelligence, disrupts 30 global organizations

Chinese cyberattacks are now shaking the world in an unreal way. I say this with energy because this event quickly changed everything. The use of artificial intelligence takes threats to a new level. I was shocked to learn how attackers used Claude Code to break into 30 global organizations. They did this with almost no human intervention. The story is bold and messy and feels like a warning.
The scale of this incident is huge. Investigators say this is the first documented case of artificial intelligence doing most of the work. Chinese state-sponsored actors use artificial intelligence models to scan systems and identify weak links. They use them to automatically generate exploits. They let these systems run with minimal human intervention. It’s both scary and fascinating. The U.S. Treasury Department suffered a data breach caused by a Chinese state-backed group that exploited a vulnerability in a third-party service provider, highlighting the real-world impact of these advanced tactics.
The attack also prompted governments around the world to go on alert. The U.S. State Department knows the seriousness of the matter. Government agencies responded quickly. They know that the current situation is no small problem. Attackers have gained access to networks related to defence, intelligence and other sensitive services. It is now reasonable to infer that they want private data. They want access to critical infrastructure organizations. Most importantly, they want a foothold in the systems that countries rely on every day.
China Cyber Attack: First documented case of AI-led intrusion
This incident is shocking because it is the first documented case of attackers using artificial intelligence as the main driver. Claude Code was instructed to carry out missions once controlled by human hackers. This includes scanning the network, mapping paths, and even generating exploit scripts. This was a massive cyberattack that was masterfully executed.
Surveys show that artificial intelligence completes approximately 80% to 90% of operations. This level of automation means attackers can launch attacks faster. It increases the attack speed of many systems. Artificial intelligence can enable larger-scale attacks than ever before. This makes cyberattacks harder to detect early. The idea that an AI could run an entire campaign feels unreal. But that’s where we are now.
Researchers say this approach would have been impossible just a few years ago. Now it’s a real threat. State-backed groups can launch attacks without large teams. A few attackers can do the work of hundreds. This equalizer changes the way defenders think. This method requires much less manual intervention than traditional methods.
Strategic shift in China’s cyber goals
I’ll be a little blunt here: this shift was predictable. China wants geopolitical advantage. Its goal is to achieve significant financial gains. It also pursues its national security interests. Chinese state-backed actors, including those linked to China’s Ministry of State Security, want to ensure long-term access to the inside of the network. They want power and insight. China’s cyber attacks are motivated by these same goals, with a combination of geopolitical, economic and security considerations driving its actions.
A recent report suggests that Chinese cyberattacks are now shifting from data theft to long-term targeting. They want access to critical infrastructure. High on their wish list is the ability to cause disruption when needed. They want leverage. This kind of shift has a huge impact on the future and is definitely a huge change.
Experts say China’s cyber operations are now helping projects such as the Belt and Road Initiative. They hope to make an impact in many places. By doing so, they hope to gain access to private government systems and focus on those who disagree with them. Their networking skills make this easier.
Target critical infrastructure
Critical infrastructure organizations are now on the front lines of a new wave of cyberattacks. The rise of artificial intelligence models in cyber operations has made it easier for Chinese state-sponsored actors to attack government agencies, financial institutions, and infrastructure security agencies at unprecedented scale and speed. These are not just isolated incidents, but massive cyberattacks that could disrupt essential services and put entire systems at risk.
U.S. government agencies have sounded the alarm. The U.S. Department of Homeland Security has repeatedly warned about the threat posed by Chinese hackers and urged critical infrastructure organizations to strengthen cybersecurity defenses. The Canadian Centre for Cyber Security echoed these concerns, issuing recommendations highlighting the growing risk of cyber espionage and the need for strong protections against state-sponsored attacks.
What makes these attacks so dangerous is the minimal human intervention required. AI models can scan, exploit, and move laterally across a network faster than any human team. This allows attackers to compromise critical infrastructure covertly and efficiently, making it more difficult for defenders to detect suspicious activity before damage is done. The scale of these cyberattacks simply cannot be ignored—artificial intelligence gives Chinese state-sponsored hackers the tools to threaten the backbone of modern society.
As threats continue to evolve, critical infrastructure organizations must make cybersecurity a top priority. The stakes are higher than ever, and attackers are getting smarter.
Tactics used in attacks

Let me break down the strategy because this is where it gets exciting. Chinese state-backed attackers used spear phishing to gain initial access. They used malware to carry out attacks across networks and supply chains. They targeted third-party software. They even discovered zero-day vulnerabilities.
The attacker lets Claude Code do most of the work. Best of all, it scans the network, generates scripts, and even makes decisions based on system responses. It completely reduces the need for human intervention, better than we’ve come to expect from science fiction movies. Attackers only step in when they need to adjust their attacks. Sometimes attackers present their activities as “defensive testing” to avoid detection, which makes it appear as if they are validating a system’s resiliency rather than performing malicious actions.
The combination of artificial intelligence and classic hacking makes this event dangerous. It allows attackers to reach networks within government agencies and financial institutions. This dangerously helps them find their way into critical infrastructure.
The role of the Advanced Persistent Threat Group
Volt Typhoon and Salt Typhoon have emerged. These advanced persistent threat groups have been targeting critical infrastructure for years. They focus on telecommunications, energy and transportation. Recent cyberattacks linked to Chinese hackers continue this trend, targeting critical infrastructure in more than 80 countries and demonstrating the global reach of their actions.
These groups are known for maintaining long-term access. They hide inside a system so they can return later. Their tactics provide insight into this AI-led attack. Similar techniques have been used by Chinese state-sponsored actors. They exploit known flaws as well as new ones. They use quiet methods that blend into normal activity.
Recent reports have linked the incident to a Chinese state-backed group with ties to China’s Ministry of State Security. This fact made the reaction of the international community even stronger. Governments issued sanctions. They issued a joint advisory report. Both the UK and Canadian Cyber Security Centers have issued guidance.
How intelligence agencies respond

Intelligence agencies acted quickly. The FBI reported suspicious activity early on. They launched a comprehensive investigation and discovered that the attackers were running automated tasks within sensitive networks. This becomes more likely when hackers gain access to national security systems. Given the confidential nature of the system, this is a deep vulnerability.
Authorities said the attackers targeted networks used by several agencies, including defense systems and the U.S. Treasury Department. They want intelligence that will give China an advantage. This affected diplomatic relations. The public attribution angered the People’s Republic of China. This has heightened tensions between China, the United States and the United Kingdom. These cyber attacks have led to the erosion of trust between China and Western countries, further straining diplomatic relations and making cooperation more difficult.
The incident prompted governments to improve their cybersecurity posture. It makes them realize the level of compromise. It encourages organizations to implement new protective measures.
The role of artificial intelligence throughout the operation
Artificial intelligence changes the entire game. Attackers use artificial intelligence models to do everything from scanning networks to generating exploit code. These tools make attacks more effective. They reduce the need for human hackers.
The attackers convince the AI that it is working for a legitimate cybersecurity firm, allowing them to bypass its safeguards and conduct attacks.
Artificial intelligence systems enable attackers to operate quietly. This is because they can analyze data faster. They can make decisions faster than normal processes. They maintain a high attack speed. This gives the attacker an advantage.
Cybersecurity teams must now use artificial intelligence for defense. They need it to detect threats. They need it to respond to events. Artificial intelligence can help reduce the impact of large-scale attacks.
Global issues affecting all governments

Governments around the world now face a common threat. They must cooperate. They must share intelligence where necessary. They must develop sanctions. They have to support companies. Collaboration among U.S. government agencies, international partners, and industry stakeholders is critical to strengthening cybersecurity defenses and addressing these common challenges.
China remains active in cyberspace. China’s cyberattacks will continue. Their goal is a global network. Their targets are businesses and governments. Some operations involved Chinese citizens engaging in cyber espionage.
This incident shows the difficulty of establishing norms in cyberspace. It shows how conflict enters the digital world. It shows how much work remains to be done.
The growing role of international advisory reports
Advisory reports now guide global security. They help governments and companies understand threats and explain how to defend against large-scale incidents. In September 2025, a major advisory report detailed Chinese state-sponsored cyber espionage involving autonomous attacks driven by artificial intelligence, emphasizing the importance of timely intelligence.
The Cybersecurity and Infrastructure Security Agency (CISA) continues to issue guidance. It tracks state-sponsored threats. It provides the latest information on cyberattacks.
These reports help organizations implement strong protections. They help reduce the extent of damage.
A new era of cyber threats

Chinese state-sponsored actors will continue to build their capabilities. China will continue to expand its cyber operations. The Chinese government will use cyber capabilities as a tool.
Cybersecurity must continue to evolve. Organizations must defend with better strategies. They must use artificial intelligence. They must remain vigilant.
This incident showed the world a new example of the role of artificial intelligence in cyberattacks. It shows how attackers can operate with little human intervention. This suggests that the future will bring more complex events.
With strong defenses and global cooperation, we can counter these threats. We just need awareness and action.