Chinese threat actors have been leveraging Claude Code and DeepSeek to orchestrate a sophisticated cyber espionage campaign, compromising government systems and financial institutions. The operation was uncovered by Hunt.io researchers in June 2026, who discovered an open directory on a Hong Kong-based server containing a trove of sensitive information, including victim source code, custom exploit scripts, and operator logs written in Simplified Chinese. The researchers stumbled upon the campaign while investigating known TencShell command-and-control infrastructure, ultimately tracing the activity to 13 Hong Kong-based servers. The use of Claude Code and DeepSeek has enabled the attackers to automate their efforts, making the campaign more efficient and potentially more damaging. The discovery of this campaign highlights the growing concern of state-sponsored cyber espionage, particularly when powered by advanced tools like Claude Code and DeepSeek1. This matters to security practitioners as it underscores the need for enhanced monitoring and detection capabilities to counter such sophisticated threats.