Cyberattacks

researchers-question-anthropic-claim-that-ai-assisted-attack-was-90%-autonomous

Researchers question Anthropic claim that AI-assisted attack was 90% autonomous

AI, Anthropic, Biz & IT, Claude, Cyberattacks, espionage, Security / /

Claude frequently overstated findings and occasionally fabricated data during autonomous operations, claiming to have obtained credentials that didn’t work or identifying critical discoveries that proved to be publicly available information. This AI hallucination in offensive security contexts presented challenges for the actor’s operational effectiveness, requiring careful validation of all claimed results. This remains an obstacle to fully autonomous cyberattacks.

How (Anthropic says) the attack unfolded

Anthropic said GTG-1002 developed an autonomous attack framework that used Claude as an orchestration mechanism that largely eliminated the need for human involvement. This orchestration system broke complex multi-stage attacks into smaller technical tasks such as vulnerability scanning, credential validation, data extraction, and lateral movement.

“The architecture incorporated Claude’s technical capabilities as an execution engine within a larger automated system, where the AI performed specific technical actions based on the human operators’ instructions while the orchestration logic maintained attack state, managed phase transitions, and aggregated results across multiple sessions,” Anthropic said. “This approach allowed the threat actor to achieve operational scale typically associated with nation-state campaigns while maintaining minimal direct involvement, as the framework autonomously progressed through reconnaissance, initial access, persistence, and data exfiltration phases by sequencing Claude’s responses and adapting subsequent requests based on discovered information.”

The attacks followed a five-phase structure that increased AI autonomy through each one.

The life cycle of the cyberattack, showing the move from human-led targeting to largely AI-driven attacks using various tools, often via the Model Context Protocol (MCP). At various points during the attack, the AI returns to its human operator for review and further direction.

Credit: Anthropic

The life cycle of the cyberattack, showing the move from human-led targeting to largely AI-driven attacks using various tools, often via the Model Context Protocol (MCP). At various points during the attack, the AI returns to its human operator for review and further direction. Credit: Anthropic

The attackers were able to bypass Claude guardrails in part by breaking tasks into small steps that, in isolation, the AI tool didn’t interpret as malicious. In other cases, the attackers couched their inquiries in the context of security professionals trying to use Claude to improve defenses.

As noted last week, AI-developed malware has a long way to go before it poses a real-world threat. There’s no reason to doubt that AI-assisted cyberattacks may one day produce more potent attacks. But the data so far indicates that threat actors—like most others using AI—are seeing mixed results that aren’t nearly as impressive as those in the AI industry claim.

Researchers question Anthropic claim that AI-assisted attack was 90% autonomous Read More »

nato-boss-mocks-russian-navy,-which-is-on-the-hunt-for-red-october-“the-nearest-mechanic”

NATO boss mocks Russian navy, which is on the hunt for Red October “the nearest mechanic”

Cyberattacks, russia, Russian navy, Security, submarine / /

When one of its Kilo-class diesel-electric submarines recently surfaced off the coast of France, Russia denied that there was a problem with the vessel. The sub was simply surfacing to comply with maritime transit rules governing the English Channel, the Kremlin said—Russia being, of course, a noted follower of international law.

But social media accounts historically linked to Russian security forces suggested a far more serious problem on the submarine Novorossiysk. According to The Maritime Executive, “Rumors began to circulate on well-informed social media channels that the Novorossiysk had suffered a fuel leak. They suggested the vessel lacked onboard capabilities and was forced to surface to empty flooded compartments. Some reports said it was a dangerous fuel leak aboard the vessel, which was commissioned in 2012.”

France 24 quoted further social media reports as saying, “The submarine has neither the spare parts nor the qualified specialists onboard to fix the malfunction,” and it “now poses an explosion hazard.”

When the Novorossiysk surfaced off the coast of France a few days ago, it headed north and was promptly shadowed by a French warship, then an English ship, and finally a Dutch hydrographic recording vessel and an NH90 combat helicopter. The Dutch navy said in a statement that the Novorossiysk and “the tugboat Yakov Grebelskiy,” which was apparently towing it, have left the Dutch Exclusive Economic Zone. Although Russian ships have the right to transit international waters, the Dutch wanted to show “vigilance” in “preventing Russian ships from sabotaging submarine infrastructure.”

NATO boss mocks Russian navy, which is on the hunt for Red October “the nearest mechanic” Read More »

two-uk-teens-charged-in-connection-to-scattered-spider-ransomware-attacks

Two UK teens charged in connection to Scattered Spider ransomware attacks

Biz & IT, criminal courts, Cyberattacks, ransomware, Security / /

Federal prosecutors charged a UK teenager with conspiracy to commit computer fraud and other crimes in connection with the network intrusions of 47 US companies that generated more than $115 million in ransomware payments over a three-year span.

A criminal complaint unsealed on Thursday (PDF) said that Thalha Jubair, 19, of London, was part of Scattered Spider, the name of an English-language-speaking group that has breached the networks of scores of companies worldwide. After obtaining data, the group demanded that the victims pay hefty ransoms or see their confidential data published or sold.

Bitcoin paid by victims recovered

The unsealing of the document, filed in US District Court of the District of New Jersey, came the same day Jubair and another alleged Scattered Spider member—Owen Flowers, 18, from Walsall, West Midlands—were charged by UK prosecutors in connection with last year’s cyberattack on Transport for London. The agency, which oversees London’s public transit system, faced a monthslong recovery effort as a result of the breach.

Both men were arrested at their homes on Thursday and appeared later in the day at Westminster Magistrates Court, where they were remanded to appear in Crown Court on October 16, Britain’s National Crime Agency said. Flowers was previously arrested in connection with the Transport for London attack in September 2024 and later released. NCA prosecutors said that besides the attack on the transit agency, Flowers and other conspirators were responsible for a cyberattack on SSM Health Care and attempting to breach Sutter Health, both of which are located in the US. Jubair was also charged with offenses related to his refusal to turn over PIN codes and passwords for devices seized from him.

Two UK teens charged in connection to Scattered Spider ransomware attacks Read More »

to-guard-against-cyberattacks-in-space,-researchers-ask-“what if?”

To guard against cyberattacks in space, researchers ask “what if?”

Cyberattacks, international space station, Security, Space, syndication / /
Complex space systems like the International Space Station could be vulnerable to hackers.

Enlarge / Complex space systems like the International Space Station could be vulnerable to hackers.

If space systems such as GPS were hacked and knocked offline, much of the world would instantly be returned to the communications and navigation technologies of the 1950s. Yet space cybersecurity is largely invisible to the public at a time of heightened geopolitical tensions.

Cyberattacks on satellites have occurred since the 1980s, but the global wake-up alarm went off only a couple of years ago. An hour before Russia’s invasion of Ukraine on February 24, 2022, its government operatives hacked Viasat’s satellite-Internet services to cut off communications and create confusion in Ukraine.

I study ethics and emerging technologies and serve as an adviser to the US National Space Council. My colleagues and I at California Polytechnic State University’s Ethics + Emerging Sciences Group released a US National Science Foundation-funded report on June 17, 2024, to explain the problem of cyberattacks in space and help anticipate novel and surprising scenarios.

Space and you

Most people are unaware of the crucial role that space systems play in their daily lives, never mind military conflicts. For instance, GPS uses signals from satellites. GPS-enabled precision timing is essential in financial services where every detail—such as time of payment or withdrawal—needs to be faithfully captured and coordinated. Even making a mobile phone call relies on precise coordination of time in the network.

Besides navigation for airplanes, boats, cars, and people, GPS is also important for coordinating fleets of trucks that transport goods to stock local stores every day.

Earth-observation satellites are “eyes in the skies” with a unique vantage point to help forecast the weather, monitor environmental changes, track and respond to natural disasters, boost agricultural crop yields, manage land and water use, monitor troop movements, and much more. The loss of these and other space services could be fatal to people vulnerable to natural disasters and crop failure. They could also put global economics and security at serious risk.

Many satellites are crucial for tracking natural and human activity on Earth.

Enlarge / Many satellites are crucial for tracking natural and human activity on Earth.

Factors in play

In our report, we identified several factors that contribute to the increasing threat of space cyberattacks. For instance, it’s important to recognize that the world is at the start of a new space race.

By all accounts, space is becoming more congested and more contested. Both nation-states and private companies, which are underregulated and now own most of the satellites in orbit, are gearing up to compete for resources and research sites.

Because space is so remote and hard to access, if someone wanted to attack a space system, they would likely need to do it through a cyberattack. Space systems are particularly attractive targets because their hardware cannot be easily upgraded once launched, and this insecurity worsens over time. As complex systems, they can have long supply chains, and more links in the chain increase the chance of vulnerabilities. Major space projects are also challenged to keep up with best practices over the decade or more needed to build them.

And the stakes are unusually high in space. Orbital trash zips around at speeds of 6 to 9 miles per second and can easily destroy a spacecraft on impact. It can also end space programs worldwide given the hypothesized Kessler syndrome in which the Earth is eventually imprisoned in a cocoon of debris. These consequences weigh in favor of space cyberattacks over physical attacks because the debris problem is also likely to affect the attacker.

Moreover, given critical space infrastructure and services, such as GPS, conflicts in space can spark or add more fuel to a conflict on Earth, even those in cyberspace. For instance, Russia warned in 2022 that hacking one of its satellites would be taken as a declaration of war, which was a dramatic escalation from previous norms around warfare.

To guard against cyberattacks in space, researchers ask “what if?” Read More »