Kaspersky's 2025 Compromise Assessments reveal systemic detection failures, with threat actor dwell times reaching four years and 52% of high-severity breaches persisting beyond 90 days. Concurrent research into Anthropic's Claude Code highlights a critical data exfiltration vector where the tool captures confidential files and session data, leading to corporate bans by organizations like Alibaba. Technical artifacts include the NSABuffMiner crypto-mining malware and AI-driven exfiltration mechanisms, indicating a dual threat of long-term persistent compromises and emergent AI-driven supply chain leakage across government (29%) and financial (17%) sectors.
-
Detection Failures: Dwell Time Analysis
- Maximum identified dwell time reached four years, indicating a critical gap in continuous monitoring.
- 30.8% of all undetected breaches persisted over 90 days, rising to 52% for high-severity incidents.
- Highest impact seen in government (29%), education (19%), and financial (17%) sectors.
-
Regional Threats and Malware Profile
- Geographic concentration of "silent" compromises focused on META, APAC, and CIS regions.
- Identification of NSABuffMiner, a crypto-mining payload utilized for long-term resource exploitation.
- Evidence suggests a trend of low-and-slow persistence to evade traditional EDR/XDR alerting.
-
AI Supply Chain Risk: Anthropic Claude Code
- Claude Code discovered capturing confidential local files and session data without explicit intent.
- AI-driven exfiltration vectors enable the inadvertent transmission of corporate IP to external LLM providers.
- Tooling designed for productivity introduced unplanned data leakage paths into the development lifecycle.
-
Corporate Response and Legal Implications
- Alibaba implemented a total ban on Claude Code citing spyware and data exfiltration concerns.
- Legal counsel (Bean Kinney) raised alarms regarding AI "clean rooms" and data privacy compliance.
- Shift in corporate policy toward restricting AI coding assistants to isolated, air-gapped environments.
-
Defensive Strategic Implications
- Necessity of periodic Compromise Assessments (CA) to uncover persistent threats that bypass real-time detection.
- Urgent requirement for strict egress filtering and sandboxing of AI-integrated development tools.
- Implementation of zero-trust architectures to mitigate the impact of long-term credential theft and persistence.
Related posts
- TechNadu — Kaspersky: Undetected Cyberattacks Lasted Up to Four Years in 2025 Compromise Assessments, Claude Code Captured Confidential Files
- Kaspersky Securelist — Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects
- Youtube
- Zscaler
- Beankinney
- Coder
- Bitdefender
- Scmp
- Letsdatascience
- Content