Nation-State Hackers Play the Vibes

Who Knew APT Hackers Liked Emojis So Much? Mathew J. Schwartz (euroinfosec) • March 5, 2026

All the nation-state hackers are vibe coding.

See Also: Why HSMs Are Critical to Digital Asset Security

Not all, exactly - but enough so that the trend of using generative artificial intelligence to slap together functional code has become visibly adopted even among hackers who have government backing.

One proponent of the vibeware approach appears to be a Pakistani threat group tracked as APT36, aka Transparent Tribe, which regularly targets Indian government entities and diplomats, says a Thursday report from Bitdefender.

The firm's attribution of these strains of vibe-coded malware to APT36 isn't iron-clad, but is based on observing well-known APT36 tools, tactics and procedures. Pakistani hackers used vibeware as a "hybrid" fallback for well-known tools such as the open-source Havoc framework for command and control and a shellcode loader called Warcode ...