Threat Intelligence | Apr 22, 2026
We identified an exposed server that provided unusual visibility into a large-scale, multi-victim...
Exposed server reveals large-scale multi-victim exploitation operation using Claude Code and OpenClaw.
Summary
Security researchers discovered an exposed server belonging to threat actors conducting a widespread multi-victim exploitation and collection campaign. Artifacts on the host indicated the operators were using Claude Code and OpenClaw tools as part of their operational workflow for troubleshooting and attack activities.
Indicators of Compromise
- malware — OpenClaw
- malware — Claude Code
Entities
Claude Code (technology)