Report Reveals Sharp Increase in Malware-Free Intrusions, AI-Driven Social Engineering, and Nation-State Cyber Operations
CrowdStrike has released its 2025 Global Threat Report, exposing a dramatic escalation in cyber threats, including a 150% increase in China-backed cyber espionage, a surge in AI-powered social engineering attacks, and a significant rise in malware-free, identity-based intrusions.
The report highlights that China-nexus adversaries have intensified state-sponsored cyber operations, with targeted attacks on financial services, media, manufacturing, and industrial sectors rising by up to 300%. At the same time, adversaries worldwide are leveraging Generative AI (GenAI) for deception-based cyberattacks, particularly in phishing and impersonation scams.
“China’s cyber operations and AI-driven attacks are evolving at an alarming pace. Organizations must rethink their security strategies.”
Key Findings from the 2025 CrowdStrike Global Threat Report:
- China’s Cyber Espionage Becomes More Aggressive – Seven new China-nexus adversaries emerged in 2024, contributing to a 150% spike in cyber operations targeting key industries.
- AI-Driven Social Engineering on the Rise – Voice phishing (vishing) increased 442% as cybercriminal groups such as CURLY SPIDER, CHATTY SPIDER, and PLUMP SPIDER exploited AI to steal credentials.
- Nation-State Exploitation of AI – Iranian hackers used GenAI for vulnerability research, exploit development, and securing their networks.
- Malware-Free Attacks Surge – 79% of cyber intrusions now bypass traditional malware, with attackers exploiting stolen credentials to infiltrate systems undetected.
- DPRK Insider Threats Escalate – FAMOUS CHOLLIMA, a North Korea-linked group, was responsible for 304 cyber incidents in 2024, with 40% involving insider threats.
- Breakout Time Hits Record Lows – The average time for adversaries to move within compromised networks fell to 48 minutes, with the fastest breakout recorded at 51 seconds.
- Cloud Attacks Intensify – Unauthorized cloud intrusions rose 26% year-over-year, with compromised accounts being the primary access point.
Expert Take:
Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, warned that organizations must rethink their cybersecurity strategies in response to evolving threats.
“China’s increasingly aggressive cyber espionage, combined with the rapid weaponization of AI-powered deception, is forcing organizations to adapt. Attackers are exploiting identity gaps, leveraging AI-driven social engineering, and moving undetected across domains. Traditional security measures are no longer enough—stopping breaches requires real-time intelligence, proactive threat hunting, and a unified cybersecurity platform.”