CrowdStrike sees AI innovation driving new wave of cyber espionage

Insider Spotlight

• China-linked groups account for more than 58 percent of state-sponsored targeted intrusions against technology firms
• North Korean operatives use AI-enhanced personas to infiltrate tech companies through remote IT jobs
• Cybercriminals increasingly weaponize AI and exploit software supply chains to scale attacks and extortion
  
  
  

Technology companies have become the world's most targeted industry as nation-state and cybercriminal groups intensify efforts to steal artificial intelligence capabilities, intellectual property and access to software ecosystems, according to CrowdStrike's 2026 Technology Threat Landscape Report released on June 9.

The cybersecurity firm said China-linked adversaries were responsible for more than 58 percent of state-sponsored targeted intrusions against the technology sector, reflecting Beijing's push to acquire AI-related innovations through cyberespionage. 

Technology companies now hold some of the world's most valuable AI assets, making them prime targets for foreign intelligence operations and financially motivated attacks.

Why it matters

The findings highlight growing risks facing companies developing and deploying AI technologies. As organizations race to build advanced AI systems, threat actors are increasingly targeting not only the technology itself but also the tools, developers and supply chains supporting innovation.

CrowdStrike identified several China-nexus groups, including Murky Panda Mustang Panda, Overcast Panda, Sunrise Panda, and Warp Panda, as among the most active adversaries targeting the sector. 

The report noted that Murky Panda’s password-spraying campaign alone affected more than 340 U.S.-based organizations.

North Korean actors also expanded operations targeting technology firms. CrowdStrike said Famous Chollima used AI-enhanced personas and U.S.-based front companies to secure remote IT positions inside organizations, accounting for 47 percent of all state-sponsored interactive intrusions against the sector. 

Revenue generated from these schemes was allegedly funneled to the regime's weapons programs.

By the numbers

Financially motivated attacks represented 65 percent of all interactive operations against technology companies. Initial access brokers advertised access to 277 technology organizations, nearly 30 percent more than the previous period, while extortion groups listed 572 technology entities on dedicated leak sites.

"Technology organizations are building the most valuable and most targeted assets in the world. Every AI breakthrough creates a competitive advantage and new attack surface at the same time," CrowdStrike head of counter adversary operations Adam Meyers said in a press statement. 

"China runs cyberespionage as industrial policy to try to close the AI innovation gap, demonstrating that AI capabilities are the prize adversaries are after. Whether you're building AI or adopting it, security has to be built in from the start," he added.

The report also warned that cybercriminals are using AI-generated tools to accelerate credential theft, erase forensic evidence and compromise software supply chains, further raising the stakes for technology companies worldwide. —Vanessa Hidalgo| Ed: Corrie S. Narisma