CrowdStrike’s 2025 Global Threat Report highlights a sharp increase in cyber activity linked to China, alongside a rising adoption of GenAI and escalating attacks on cloud infrastructure. The report delivers a stark warning to business leaders: underestimating adversaries comes at a significant cost.
Threat actors are evolving, becoming more sophisticated and methodical, leveraging advanced technologies like AI and machine learning not only to bolster their attacks but to commodify these tools for cybercriminal networks.
GenAI, for instance, is now widely exploited by state-sponsored actors, eCrime groups, and hacktivists. They weaponize commonly used enterprise tools — like chatbots — to execute highly effective social engineering campaigns.
Among nation-states in particular, China-nexus activity has surged by 150% overall, says CrowdStrike. It is one of many rapidly growing threats that businesses must work hard to stay ahead of by reinforcing their cybersecurity postures as we move through 2025.
China’s Cyber Expansion
CrowdStrike reveals a significant escalation in China-linked cyber operations, with state-sponsored attacks increasing by 150%. Targeted intrusions into sectors like finance, media, manufacturing, and industry spiked by as much as 300%.
The research identified seven new China-linked advanced persistent threat (APT) groups in 2024, five of which displayed unique, highly specialized tactics. This evolution signals a shift from the so-called “smash-and-grab” attacks to highly targeted, mission-driven intrusions.
“China’s increasingly aggressive cyber espionage, combined with the rapid weaponisation of AI-powered deception, is forcing organisations to rethink their approach to security,” says Adam Meyers, head of counter-adversary operations at CrowdStrike.
“Adversaries exploit identity gaps, leverage social engineering and move across domains undetected—rendering legacy defences ineffective. Stopping breaches requires a unified platform powered by real-time intelligence and threat hunting, correlating identity, cloud and endpoint activity to eliminate the blind spots where adversaries hide.”
Multi-Faceted Threat Landscape
Beyond nation-state activity, CrowdStrike’s findings reveal growing vulnerabilities in cloud environments. Unattributed cloud intrusions rose by 26% in 2024, with attackers exploiting valid credentials to gain internal access and move laterally within systems. Misconfigurations, weak access controls, and cloud infrastructure flaws remain prime entry points.
Identity-based attacks surged as well, with 75% of breaches now malware-free. Adversaries increasingly leverage stolen credentials to impersonate legitimate users, navigating networks undetected. Underground forums saw a 20% increase in the trade of valid credentials, while AI-fueled phishing and voice scams surged by 442%.
GenAI Accelerating Attack Speed
Attackers are moving faster than ever. CrowdStrike reports that the average breakout time — the window before adversaries start lateral movement — dropped to just 48 minutes in 2025, with the fastest observed time at 51 seconds.
GenAI played a pivotal role in this acceleration. Notable examples include fake IT job candidates infiltrating companies and AI-powered disinformation campaigns orchestrated by Chinese, Russian, and Iranian groups to disrupt elections.
Preparing for 2025 and Beyond
In light of these evolving threats, business leaders must adopt a proactive, holistic approach to cybersecurity. This includes:
- Unified security platforms: Integrating identity, endpoint, and cloud security with real-time threat intelligence.
- Enhanced IAM practices: Implementing multi-factor authentication (MFA), regularly auditing user privileges, and continuously monitoring for anomalous access.
- AI-powered defense tools: Investing in security technologies capable of identifying and neutralizing AI-driven attacks.
- Employee training & response planning: Equipping teams to recognize evolving threats and rehearsing incident response strategies.
CrowdStrike’s 2025 Threat Report makes one thing clear: the cyber threat landscape is more dynamic than ever, and organizations must stay vigilant to outpace increasingly adaptive adversaries.
Source: CrowdStrike