2025 CrowdStrike Global Threat Report: China’s Cyber Espionage Surges 150% with Increasingly Aggressive Tactics, Weaponization of AI-powered Deception Rises
CrowdStrike (NASDAQ: CRWD) has released its 2025 Global Threat Report, revealing alarming trends in cybersecurity threats. The report highlights a 150% increase in China's cyber espionage operations, with targeted attacks in key sectors rising up to 300%.
Key findings include a 442% surge in voice phishing between H1 and H2 2024, driven by AI-powered social engineering. The report also shows that 79% of initial access attacks are now malware-free, while access broker advertisements increased 50% year-over-year.
Other significant findings include:
- Average eCrime breakout time decreased to 48 minutes
- 26% year-over-year increase in cloud intrusions
- 52% of observed vulnerabilities related to initial access
- 304 incidents linked to DPRK-nexus adversary FAMOUS CHOLLIMA, with 40% involving insider threats
- Strong market positioning in identifying and tracking cyber threats
- Enhanced AI-powered protection capabilities through Falcon platform
- Comprehensive threat intelligence covering 250+ named adversaries
- Rapidly evolving threat landscape requiring constant platform updates
- Increasing sophistication of malware-free attacks challenging detection
- Growing complexity of cyber threats from state-sponsored actors
Insights
CrowdStrike's 2025 Global Threat Report reveals significant shifts in the threat landscape that directly validate the company's business strategy and market positioning. The 150% surge in Chinese cyber espionage targeting critical industries, combined with the 442% increase in AI-powered vishing attacks, creates substantial tailwinds for CrowdStrike's growth trajectory.
The report's most financially significant finding is the dramatic shift toward malware-free attacks (now 79% of initial access breaches) and cross-domain threats that exploit gaps across endpoint, cloud, and identity. This trend directly validates CrowdStrike's unified platform approach and investments in identity protection—a key differentiator from competitors still offering fragmented security solutions.
For enterprise customers, the record-breaking breakout time of just 48 minutes (with the fastest at 51 seconds) creates urgency to adopt platforms capable of real-time detection and automated response. This pressure will likely accelerate migration away from legacy security vendors toward comprehensive platforms like Falcon.
From an investor perspective, these findings suggest CrowdStrike is well-positioned to capture increased security spending, particularly in the identity protection segment where traditional endpoint solutions fall short. The report effectively demonstrates why enterprises need CrowdStrike's integrated approach rather than point solutions from multiple vendors.
While the report serves as effective marketing for CrowdStrike's solutions, it also highlights genuine security trends that create legitimate business opportunities. As organizations recognize the inadequacy of traditional security approaches against these evolved threats, CrowdStrike's platform strategy becomes increasingly compelling for both new customer acquisition and expanded module adoption among existing customers.
CrowdStrike's 2025 Global Threat Report strategically reinforces the company's expanding market opportunity while highlighting why enterprises need their unified platform approach. The documented 150% surge in Chinese cyber operations and shift toward malware-free attacks directly supports CrowdStrike's expansion beyond endpoint security.
From a revenue perspective, these findings particularly validate CrowdStrike's strategic push into identity protection—a high-growth segment with
The report's emphasis on cross-domain attacks also strengthens CrowdStrike's competitive positioning against both legacy endpoint vendors and point-solution providers. While competitors like SentinelOne and Microsoft are also expanding their platforms, CrowdStrike's threat intelligence capabilities—demonstrated through this report—provide a significant differentiation that justifies their premium pricing.
For investors, these threat trends suggest CrowdStrike can maintain strong growth despite its
However, competition remains intense. Microsoft continues leveraging its installed base to gain security market share, while Palo Alto Networks offers an alternative platform approach. The key financial metric to watch will be gross margins, which could face pressure as CrowdStrike expands into adjacent security segments that may have different economics than their core endpoint business.
The industry’s preeminent source on adversary intelligence exposes a
At the same time, adversaries worldwide are weaponizing AI-generated deception, exploiting stolen credentials and increasingly executing cross-domain attacks—exploiting gaps across endpoint, cloud and identity—to bypass security controls and operate undetected in the shadows. The shift to malware-free intrusions that exploit trusted access, combined with record-shattering breakout times, leaves defenders little room for error. To stop modern attacks, security teams need to eliminate visibility gaps, detect adversary movement in real-time and stop attacks before they escalate—because once they’re inside, it’s already too late.
CrowdStrike Global Threat Report Highlights
Tracking more than 250 named adversaries and 140 emerging activity clusters, CrowdStrike’s latest research reveals:
- China’s Cyber Espionage Grows More Aggressive: CrowdStrike identified seven new China-nexus adversaries in 2024, fueling a 150% surge in espionage attacks, with critical industries seeing up to a 300% spike in targeted attacks.
- GenAI Supercharges Social Engineering: AI-driven phishing and impersonation tactics fueled a 442% increase in voice phishing (vishing) between H1 and H2 2024. Sophisticated eCrime groups like CURLY SPIDER, CHATTY SPIDER and PLUMP SPIDER leveraged social engineering to steal credentials, establish remote sessions and evade detection.
- Iran Utilizes GenAI for Vulnerability Research and Exploitation: In 2024, Iran-nexus actors increasingly explored GenAI for vulnerability research, exploit development and patching domestic networks, aligning with government-led AI initiatives.
- From Breaking In to Logging In – Surge in Malware-Free Attacks: 79% of attacks to gain initial access are now malware-free, while access broker advertisements surged 50% YoY. Adversaries exploited compromised credentials to infiltrate systems as legitimate users, moving laterally undetected with hands-on keyboard activities.
- Insider Threats Continue to Rise: DPRK-nexus adversary FAMOUS CHOLLIMA was behind 304 incidents uncovered in 2024. 40% involved insider threat operations, with adversaries operating under the guise of legitimate employment to gain system access and carry out malicious activity.
- Breakout Time Hits Record Speed: The average eCrime breakout time dropped to 48 minutes, with the fastest recorded at 51 seconds—leaving defenders little time to react.
- Cloud Environments Under Siege: New and unattributed cloud intrusions increased by 26% YoY. Valid account abuse is the primary initial access tactic, accounting for 35% of cloud incidents in H1 2024.
- Unpatched Vulnerabilities Remain a Key Target: 52% of vulnerabilities observed were related to initial access, reinforcing the critical need to secure entry points before adversaries establish persistence.
“China’s increasingly aggressive cyber espionage, combined with the rapid weaponization of AI-powered deception, is forcing organizations to rethink their approach to security,” said Adam Meyers, head of counter adversary operations at CrowdStrike. “Adversaries exploit identity gaps, leverage social engineering and move across domains undetected—rendering legacy defenses ineffective. Stopping breaches requires a unified platform powered by real-time intelligence and threat hunting, correlating identity, cloud and endpoint activity to eliminate the blind spots where adversaries hide.”
CrowdStrike pioneered adversary-driven cybersecurity through the CrowdStrike Falcon® cybersecurity platform, which delivers AI-powered protection, real-time threat intelligence and expert threat hunting to secure identity, cloud and endpoint as the gold standard in cybersecurity. Leveraging innovative behavioral AI and machine learning trained on industry-leading threat intelligence and trillions of security events, CrowdStrike delivers real-time protection against advanced threats, providing comprehensive visibility and protection across the entire attack lifecycle.
Additional Resources:
- Download the 2025 CrowdStrike Global Threat Report.
- Visit CrowdStrike’s Adversary Universe for the internet’s definitive source on adversaries.
- Listen to the Adversary Universe podcast to glean insights into threat actors and recommendations to amplify security practices.
About CrowdStrike
CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.
Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.
Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.
CrowdStrike: We stop breaches.
Learn more: https://www.crowdstrike.com/
Follow us: Blog | Twitter | LinkedIn | Facebook | Instagram
Start a free trial today: https://www.crowdstrike.com/free-trial-guide/
© 2025 CrowdStrike, Inc. All rights reserved. CrowdStrike and CrowdStrike Falcon are marks owned by CrowdStrike, Inc. and are registered in
View source version on businesswire.com: https://www.businesswire.com/news/home/20250227012922/en/
Jake Schuster
CrowdStrike Corporate Communications
press@crowdstrike.com
Source: CrowdStrike