CrowdStrike has published a report saying technology companies are now the world's most targeted industry for cyber intrusions. China-linked groups accounted for more than 58% of state-sponsored targeted intrusions against the sector, it said.
Attackers are increasingly pursuing artificial intelligence research, models and other intellectual property held by technology businesses. The findings draw on intelligence from Counter Adversary Operations, which tracks more than 280 named adversaries.
According to the report, AI assets concentrated inside technology groups have made the sector a priority target for state-backed espionage, criminal extortion and supply-chain attacks. It also points to a rise in attacks on the software and developer ecosystems used to build and distribute AI-related products.
Among the China-linked groups cited, CrowdStrike named MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA and WARP PANDA as heavily focused on technology targets. MURKY PANDA's password-spraying campaign alone affected more than 340 US-based entities, the report said.
North Korea-linked activity also featured prominently. CrowdStrike said FAMOUS CHOLLIMA used AI-enhanced personas and US front companies to obtain remote IT roles inside technology firms. These operations accounted for 47% of all state-sponsored interactive intrusions against the sector.
Such schemes generated revenue for the North Korean regime, according to CrowdStrike. The report added that synthetic or AI-assisted identities had become part of a broader effort to place operatives inside organisations rather than simply breach them from outside.
Criminal activity
Financially motivated attacks accounted for 65% of all interactive operations against technology organisations, the report said. It also found that initial access brokers advertised access to 277 technology organisations, up nearly 30%.
Extortion activity remained prominent, with big game hunting adversaries listing 572 technology entities on leak sites used to pressure victims into paying.
The report also highlighted the use of AI by cybercriminal groups to automate parts of their operations. Adversaries used AI-generated scripts to dump credentials and erase forensic evidence more quickly, reducing the time available for defenders to respond, CrowdStrike said.
Beyond targeted intrusions into corporate networks, attackers are also exploiting growing interest in AI tools among users and developers, according to the company. It cited the distribution of a macOS information stealer known as Skrawl through fake OpenClaw extensions and counterfeit download sites designed to resemble legitimate AI tools.
Developer targets
The report also described attacks on software supply chains. CrowdStrike said STARDUST CHOLLIMA compromised the Axios npm package, which it said is downloaded 100 million times a week, potentially exposing large numbers of downstream users.
In a separate case, malware operators compromised 350 GitHub repositories to inject malicious code into JavaScript and Python projects before CrowdStrike disrupted the Glassworm botnet. These incidents show how developer environments and open-source software repositories are becoming central points of risk, the company said.
That focus on developers reflects a broader shift in the threat landscape. Attackers are seeking to compromise the tools, libraries and workflows behind software creation, not just the finished products used by customers. In practice, a breach at this layer can affect many organisations at once.
Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, said the concentration of AI assets inside technology firms had changed the economics of cyber espionage and crime. "Technology organizations are building the most valuable and most targeted assets in the world. Every AI breakthrough creates a competitive advantage and new attack surface at the same time," Meyers said.
He said the findings showed how cyber operations were being used to narrow national technology gaps. "China runs cyberespionage as industrial policy to try to close the AI innovation gap, demonstrating that AI capabilities are the prize adversaries are after. Whether you're building AI or adopting it, security has to be built in from the start," Meyers said.