A new report from CrowdStrike, the cybersecurity firm, reveals that China-nexus cyber adversaries are expanding their operations, with seven new ones identified in 2024. CrowdStrike also found that attacks on the financial services, media, manufacturing and industrial sectors have risen by up to 300 per cent.
The report, the 2025 Global Threat Report, exposes the growing aggression of China's cyber operations, a surge in GenAI-powered social engineering and nation-state vulnerability research and exploitation, and a sharp increase in malware-free, identity-based attacks.
Adversaries worldwide are weaponising AI-generated deception, exploiting stolen credentials and increasingly executing cross-domain attacks—exploiting gaps across endpoint, cloud and identity—to bypass security controls and operate undetected in the shadows.
The shift to malware-free intrusions that exploit trusted access, combined with record-shattering breakout times, leaves defenders little room for error. To stop modern attacks, security teams need to eliminate visibility gaps, detect adversary movement in real time and stop attacks before they escalate, because once adversaries are inside, it is already too late.
Tracking more than 250 named adversaries and 140 emerging activity clusters, CrowdStrike's latest research finds that AI is behind much of the growth in fraud-driven cyber attacks. According to the report, AI-fuelled voice phishing (vishing) attacks increased by 442 per cent between the first and second halves of 2024.
It also identified some key crime groups that have been leveraging social engineering to steal credentials, establish remote sessions and evade detection.
“China’s increasingly aggressive cyber espionage, combined with the rapid weaponisation of AI-powered deception, is forcing organisations to rethink their approach to security,” said Adam Meyers, head of counter-adversary operations at CrowdStrike.
“Adversaries exploit identity gaps, leverage social engineering and move across domains undetected—rendering legacy defenses ineffective. Stopping breaches requires a unified platform powered by real-time intelligence and threat hunting, correlating identity, cloud and endpoint activity to eliminate the blind spots where adversaries hide.”
Attacks aren’t solely from China
While there are numerous findings from the report that suggest China’s cyber espionage is a major threat, it also identifies other concerns.
Iran-nexus actors, for example, are increasingly exploring GenAI for vulnerability research, exploit development and patching domestic networks, in line with government-led AI initiatives.
Turning to the impact of individual adversaries in 2024, CrowdStrike attributes 304 incidents uncovered that year to the DPRK-nexus adversary FAMOUS CHOLLIMA. Forty per cent of those involved insider threat operations, with adversaries operating under the guise of legitimate employment to gain system access and carry out malicious activity.
Concerns across the globe
Other notable findings from the report were not tied to a specific country. Broadly, CrowdStrike identified a surge in malware-free attacks: 79 per cent of attacks used to gain initial access are now malware-free, while access broker advertisements surged 50 per cent year on year. Adversaries used compromised credentials to log in as legitimate users and then moved laterally, undetected, through hands-on-keyboard activity.
CrowdStrike also found that the average eCrime breakout time dropped to 48 minutes, with the fastest recorded at 51 seconds, leaving defenders very little time to react. New and unattributed cloud intrusions increased by 26 per cent year on year, and valid account abuse was the primary initial access tactic, accounting for 35 per cent of cloud incidents in H1 2024.
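Breakout time, as the report uses the term, is the interval between an adversary's first access to a host and their first lateral movement to another host with the same stolen credentials. The following added example (not code from the report or from CrowdStrike) shows how a defender can compute that interval from normalised logon events and flag accounts that hop hosts faster than the 48-minute average cited above. The `LogonEvent` type, the field names and the sample events are all constructed for this illustration.

```python
"""Compute breakout time per account from constructed logon events.

Breakout time here = first logon for an account -> first logon that originates
from an already-reached host and lands on a host not yet reached (lateral
movement). Event schema and sample data are constructed for this example.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, Optional


@dataclass(frozen=True)
class LogonEvent:
    """One successful logon, normalised from whatever the sensor emits (hypothetical schema)."""
    ts: datetime
    user: str
    src: str  # origin of the logon: external IP or internal hostname
    dst: str  # host that accepted the logon


def _t(hms: str) -> datetime:
    # Helper for readable constructed timestamps on a fixed sample date.
    return datetime.fromisoformat(f"2024-06-01T{hms}")


# Constructed sample (not from the report): 'alice' is a valid account whose
# session starts from an external address and then hops between internal hosts;
# 'bob' only ever logs on to a single host and never moves laterally.
SAMPLE_EVENTS = [
    LogonEvent(_t("09:00:00"), "alice", "203.0.113.7", "WS-17"),
    LogonEvent(_t("09:04:30"), "alice", "WS-17", "FS-02"),
    LogonEvent(_t("09:06:00"), "alice", "FS-02", "DC-01"),
    LogonEvent(_t("09:00:00"), "bob", "10.0.0.5", "WS-03"),
    LogonEvent(_t("10:00:00"), "bob", "10.0.0.5", "WS-03"),
]


def breakout_times(events: Iterable[LogonEvent]) -> dict[str, Optional[timedelta]]:
    """Return {user: breakout_time} where the value is None if the account
    never moved from a reached host to a new one."""
    by_user: dict[str, list[LogonEvent]] = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)

    result: dict[str, Optional[timedelta]] = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        initial_access = evs[0].ts
        reached = {evs[0].dst}  # hosts the account has already landed on
        result[user] = None
        for e in evs[1:]:
            # Lateral movement: the logon comes from a host we already hold
            # and lands on a host we have not seen for this account.
            if e.src in reached and e.dst not in reached:
                result[user] = e.ts - initial_access
                break
            reached.add(e.dst)
    return result


def flag_fast_breakouts(
    events: Iterable[LogonEvent], threshold: timedelta = timedelta(minutes=48)
) -> list[tuple[str, float]]:
    """Accounts whose breakout time is at or below the threshold (default: the
    48-minute average cited in the report), as sorted (user, seconds) pairs."""
    return sorted(
        (user, bt.total_seconds())
        for user, bt in breakout_times(events).items()
        if bt is not None and bt <= threshold
    )


if __name__ == "__main__":
    for user, bt in breakout_times(SAMPLE_EVENTS).items():
        print(f"{user}: breakout after {bt}" if bt else f"{user}: no lateral movement")
    print("fast breakouts:", flag_fast_breakouts(SAMPLE_EVENTS))
```

Real telemetry needs a normalisation step in front of this (Windows 4624 events, SSH logs and cloud console logons all record source and destination differently), and the threshold should be tuned to the environment rather than taken from a global average; the value of the metric is in trending it per account and per network segment over time.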
Fifty-two per cent of vulnerabilities observed were related to initial access, reinforcing the critical need to secure entry points before adversaries establish persistence. To help firms address this, CrowdStrike has launched CrowdStrike Falcon, which targets adversary-driven cyber attacks by delivering AI-powered protection, real-time threat intelligence and expert threat hunting.