{"description": "Enterprise techniques used by Anthropic AI-orchestrated Campaign, ATT&CK campaign C0062 (v1.0)", "name": "Anthropic AI-orchestrated Campaign (C0062)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "19", "navigator": "5.3.2"}, "techniques": [{"techniqueID": "T1087", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to query internal database user account tables to enumerate accounts and identify high-privilege accounts within compromised environments.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1595", "showSubtechniques": true}, {"techniqueID": "T1595.001", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to scan infrastructure across IP ranges associated with the target organization.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1595.002", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to scan target infrastructure to identify potential vulnerabilities and to enumerate services and endpoints.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1119", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to automatically collect and process large volumes of data from without human direction.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1584", "showSubtechniques": true}, {"techniqueID": "T1584.004", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary operated dedicated penetration testing servers accessible via MCP to support remote command execution, simultaneous tool coordination, and persistent operational state maintenance across campaign sessions.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1136", "showSubtechniques": true}, {"techniqueID": "T1136.001", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to create a local backdoor account to maintain access.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1213", "showSubtechniques": true}, {"techniqueID": "T1213.006", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to query internal databases and systems to extract proprietary information, system configurations, and sensitive operational data. (Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1005", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary tasked Claude Code to automatically gather sensitive data stored within the local system to include credentials, system configurations and sensitive operational data.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1074", "showSubtechniques": true}, {"techniqueID": "T1074.001", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to stage extracted data and operational documentation in structured markdown files on local systems prior to exfiltration.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1587", "showSubtechniques": true}, {"techniqueID": "T1587.004", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to research exploitation techniques for an identified SSRF vulnerability, to generate a tailored custom attack payload, and to develop a full exploit chain prior to deployment.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1567", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary utilized Claude Code to generate a detailed summary report of collected data, which is then reviewed and approved by the adversary prior to exfiltration of data over Claude.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1190", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to deploy a custom exploit payload targeting an identified SSRF vulnerability to gain initial access to a targeted environment.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1083", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary leveraged Claude Code to identify sensitive data within the victim environment for extraction.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1592", "showSubtechniques": true}, {"techniqueID": "T1592.002", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary utilized Claude Code to catalog services and data on discovered endpoints.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1592.004", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary leveraged Claude Code to gather details of high-value systems to include databases and workflow orchestration platforms.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1590", "showSubtechniques": true}, {"techniqueID": "T1590.004", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to map a complete network topology of the target infrastructure.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1683", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary utilized Claude Code to automatically generate comprehensive documentation throughout the phases of the attack, including discovered services, harvested credentials, sensitive data, exploitation techniques, and complete attack progression.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1046", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to enumerate internal network services and endpoints across targeted environments using browser automation via MCP, including databases, container registries, admin interfaces, and workflow orchestration platforms.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1588", "showSubtechniques": true}, {"techniqueID": "T1588.002", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary obtained open-source penetration testing tools including network scanners, database exploitation frameworks, password crackers, and binary analysis suites.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1588.007", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary obtained access to Claude Code to support cyber intrusion operations.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1082", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary tasked Claude Code to query databases and systems in order to identify proprietary information, including system configurations and database types.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1016", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary configured Claude Code to identify and gather system configurations of discovered devices.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1049", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to map internal network architecture and access relationships.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1552", "showSubtechniques": true}, {"techniqueID": "T1552.001", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to extract authentication certificates stored in system configuration files across compromised environments.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1078", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used harvested credentials to authenticate against internal APIs, database systems, container registries, and logging infrastructure across targeted networks.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1078.003", "comment": "During the [Anthropic AI-orchestrated Campaign](https://attack.mitre.org/campaigns/C0062), the adversary used Claude Code to test credentials harvested against discovered devices.(Citation: Anthropic AI Orchestrated Campaign NOV 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Anthropic AI-orchestrated Campaign", "color": "#66b1ff"}]}