The group compromised at least 10 regional organizations, including two state-owned entities, and deployed a new backdoor.
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.