securityaffairs.com 7/16/2026, 10:01:32 AM · external

Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign

Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign
CyberSIXT Evidence Panel
Primary Source hunt.io

THIS article discusses a cyber espionage campaign allegedly orchestrated by Chinese actors using AI tools Claude Code and DeepSeek. Researchers from Hunt.io discovered the campaign in June 2026 while analyzing compromised servers in Hong Kong. Notable aspects include:

1. **Discovery**: A vulnerability led to the revelation of 2,431 files containing victim data and exploit scripts on accessible servers.

2. **Automation**: The campaign utilized Claude Code for executing commands and DeepSeek for planning attacks, showcasing advanced capabilities.

3. **Targeting**: Victims included government systems in Taiwan, Thailand, and Afghanistan, and financial firms globally. Attackers exploited vulnerabilities, facilitating data breaches, and gaining admin access.

4. **Infrastructure**: All operations were traced back to Hong Kong, with observed links to previously documented Chinese hacking activities.

5. **Capabilities**: The campaign featured custom malware and techniques, with indicators of Chinese origin through language and infrastructure.

6. **Response**: Hunt.io has notified affected organizations and national cybersecurity bodies.

View Primary Source Via securityaffairs.com

Article by CyberSIXT