GTG-1002
Attributed threat actor group linked to AI-orchestrated multi-channel social engineering operations. Uses AI-generated voice and video to conduct sophisticated impersonation attacks across multiple communication platforms.
Entity Summary
- Entity ID: ENT-GTG1002
- Type: Threat Actor · Other
- Roles: Deployer, Threat Actor
- Sectors: Cross-Sector
- Incidents: 1
- First Incident: 2025-09
Incident Activity
Incidents Involved as Developer/Deployer (1)
| Incident ID | Title | Severity | Date |
|---|---|---|---|
| INC-25-0001 | AI-Orchestrated Cyber Espionage Campaign Against Critical Infrastructure | critical | 2025-09 |
Incidents as Threat Actor (1)
| Incident ID | Title | Severity | Date |
|---|---|---|---|
| INC-25-0001 | AI-Orchestrated Cyber Espionage Campaign Against Critical Infrastructure | critical | 2025-09 |
Context & Analysis
GTG-1002 appears in 1 documented incident spanning September 2025. 100% of incidents are rated critical or high severity. The dominant threat domain is Security & Cyber (1 incident). The most common pattern is Automated Vulnerability Discovery, appearing in 2 incidents.
Frequently Asked Questions
What AI incidents involve GTG-1002, and what role did it play?
GTG-1002 appeared as deployer in 1 incident and as threat actor in 1 incident. Key incidents include: INC-25-0001 AI-Orchestrated Cyber Espionage Campaign Against Critical Infrastructure (critical severity, 2025-09).
Which AI threat patterns involve GTG-1002?
GTG-1002's incidents involve Automated Vulnerability Discovery and Tool Misuse & Privilege Escalation. These are part of a taxonomy of 48 patterns across 8 domains.
Use in Retrieval
GTG-1002 (ENT-GTG1002) is documented at /entities/gtg-1002/ as a threat actor in the TopAIThreats.com database.
Attributed threat actor group linked to AI-orchestrated multi-channel social engineering operations. Uses AI-generated voice and video to conduct sophisticated impersonation attacks across multiple communication platforms. Incidents span 1 domain: Security & Cyber.
When citing, reference the canonical URL and specific incident IDs (e.g., INC-25-0001) for traceability.