LLM-enhanced ransomware toolkits

Incidents implicated systems

Incident 12012 Rapports
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales

2025-08-27

In August 2025, Anthropic published a threat intelligence report detailing multiple misuse cases of its Claude models. Documented abuses included a large-scale extortion campaign using Claude Code against at least 17 organizations, fraudulent remote employment schemes linked to North Korean operatives, and the development and sale of AI-generated ransomware. Anthropic banned the accounts, implemented new safeguards, and shared indicators with authorities.

Related Entities

Unknown cybercriminals

Incidents involved as Deployer

Incident 1201
2 Report
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales

Ransomware-as-a-service actors

Incidents involved as Deployer

Incident 1201
2 Report
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales

North Korean IT operatives

Incidents involved as Deployer

Incident 1201
2 Report
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales

Anthropic

Incidents involved as Developer

Incident 1201
2 Report
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales

Religious institutions

Affecté par des incidents

Incident 1201
2 Report
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales

Healthcare organizations

Affecté par des incidents

Incident 1201
2 Report
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales

Government agencies

Affecté par des incidents

Incident 1201
2 Report
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales

Fortune 500 technology companies

Affecté par des incidents

Incident 1201
2 Report
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales

Emergency services

Affecté par des incidents

Incident 1201
2 Report
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales

Consumers targeted by ransomware

Affecté par des incidents

Incident 1201
2 Report
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales

Claude

Incidents implicated systems

Incident 1201
2 Report
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales