An active, highly structured intrusion campaign co-opting commercial artificial intelligence platforms as operational engines for state-sponsored operations.

Rather than acting as peripheral research tools, Claude Code and DeepSeek-v4-pro were embedded directly into the core execution flows of a China-linked cyber espionage campaign.

The operation uncovered by Hunt researchers pivoted off known TencShell command-and-control (C2) infrastructure originally documented by Cato CTRL in May 2026, which exposed an open directory containing victim source code, custom exploit scripts, operator logs, and cloned login pages, accompanied by simplified Chinese documentation.

Chinese Hackers Embed Claude Code and DeepSeek

Researchers analyzed the recovered operator logs, which revealed a definitive, programmatic division of labor between two distinct large language models:

  • Claude Code (Execution & Automation): Tasked with agentic tool interaction, processing interactive bash environments, running terminal commands, and maintaining operational session persistence.
  • DeepSeek-v4-pro (Reasoning & Attack Logic): Leveraged exclusively for high-level attack reasoning, script generation, security evasion logic, and exploit adaptation.

Detailed instructions discovered inside a central CLAUDE.md workspace file directed the automated agent to construct, test, and dynamically optimize targeted phishing infrastructure.

Operational timelines dated between June 8 and June 12, 2026, exposed dedicated active working environments tailored specifically for Taiwan-based intelligence requirements.

This systematic operational flow mirrors Anthropic’s November 2025 security advisory concerning a China-linked threat actor using malicious developer tools to orchestrate mass automated infrastructure intrusions.

TencShell malware port 1111 HTTP header, showing 13 unique IPs (Image Source: HUNT.io)

Hunt researchers pivoted on a shared, unique HTTP header fingerprint; investigators exposed a broader infrastructure network spanning 13 primary servers across four separate Hong Kong-based Autonomous System Numbers (ASNs).

Three of these primary collection nodes utilized overlapping SSH keys and TLS certificates to establish built-in redundancy layers.

The primary collection node 112.213.124[.]132hosted a multi-tiered offensive toolkit featuring the ARL (Attack Reconnaissance Lighthouse) framework for network mapping, DeepAudit for vulnerability identification, and Vshell for remote system administration.

These tools sat directly alongside an open repository staging 2,431 stolen or operational files. The analysis also brought to light an entirely undocumented secondary framework, dubbed “Gshell,” that executed in lockstep across identical infrastructure, demonstrating that the threat group maintained parallel C2 frameworks to maximize operational uptime.

IP profile for 112.213.124[.]132 showing open ports 1111, 3000 (DeepAudit), 5003 (ARL), 8084 (Vshell), and 8888 (open directory)
IP profile for 112.213.124[.]132 showing open ports 1111, 3000 (DeepAudit), 5003 (ARL), 8084 (Vshell), and 8888 (open directory) (Image Source: HUNT.io)
Target Country / Sector Compromised System Vector Core Exploitation Payload / Objective
Taiwan Supply chain networks & manufacturing entities (8 firms) SQL injection (SQLi) of chemical firms; exfiltration of cloud tokens (Supabase/Azure SAS keys).
Thailand Government administrative application nodes SQLMap-driven data dump of employee national ID records; GIF-polyglot webshell deployment for persistence.
Afghanistan Laravel-based public application architecture Ingestion of citizen complaint databases and encryption keys via custom deserialization Remote Code Execution (RCE).
United States Public sector subdomains and civic databases Footprinting of NASA subdomains; staging of unfinished phishing clones targeting the D.C. Council and Delaware County, Pennsylvania.
Financial Services Enterprise payment processing platforms Cross-Origin Resource Sharing (CORS) exploitation targeting administrative WordPress web credentials across Europe, Australia, and Asia.

The campaign documents an intermediate-to-advanced threat landscape characterized by custom exploit payloads tuned to narrow framework version signatures, cross-platform malware orchestration, and real-time LLM-driven evasion cycles.

Operators successfully used these setups for active credential harvesting across widespread multi-tenant corporate applications.

Redacted compromised database table of a Thai government admin panel
Redacted compromised database table of a Thai government admin panel (Image Source: HUNT.io)

The combination of simplified Chinese developer logs, geographic localization across Hong Kong internet infrastructure, and targets explicitly mirroring state intelligence mandates strongly supports a China-based threat grouping.

Ultimately, this activity signals a critical paradigm shift: commercial AI systems have evolved from passive, offline research helpers into live, force-multiplying components of interactive cyber attacks, raising fresh questions about dual-use risks in agentic environments.