CrowdStrike's 2025 threat landscape: The rise of AI-powered attacks

CrowdStrike's 2025 Threat Hunting Report unveils the evolution of cyberattacks as adversaries harness GenAI targeting autonomous AI agents.

CrowdStrike's latest report provides a vivid overview of emerging cyber threats as adversaries exploit the power of Gen AI to scale attacks. The focus has shifted towards sophisticated strategies targeting autonomous AI agents reshaping enterprises.

The report notes that adversaries have begun operationally leveraging GenAI for diverse malpractices: from creating forged documents to deepfake-engaged interviews. This technological leverage transforms traditional threats into highly scalable operations.

  • FAMOUS CHOLLIMA: This North Korean adversary automates insider attack programs using GenAI for tasks ranging from creating fake resumes to performing technical tasks under false identities.
  • EMBER BEAR: Utilising Gen AI to bolster pro-Russian narratives.
  • CHARMING KITTEN: Iranian adversary engaging in LLM-crafted phishing attacks aimed at U.S. and European targets.

Our reliance on agentic AI exposes vulnerabilities as threat actors exploit tools cultivating AI agents. They leverage vulnerabilities to gain unauthorised access, harvest sensitive credentials, and deploy malware.

Increasingly, eCrime syndicates capitalise on Gen AI to develop sophisticated scripts and malware which previously would have required advanced expertise. Groups like Funklocker and SparkCat exemplify this burgeoning trend of Gen AI-engineered cyber threats.

SCATTERED SPIDER has re-emerged with refocused initiatives, employing visual deception tactics and rapidly executing breaches across cloud infrastructures. Notably, a reported incident witnessed full ransomware deployment in less than a day from initial access.

With a significant surge in cloud-based intrusions — a rise of 136% — China-linked adversaries such as GENESIS PANDA and MURKY PANDA have notably influenced this increase through misconfigurations and trusted accesses.

“The AI era has redefined how businesses operate, and how adversaries attack. We’re seeing threat actors use GenAI to scale social engineering, accelerate operations, and lower the barrier to entry for hands-on-keyboard intrusions,” said Adam Meyers, head of counter adversary operations at CrowdStrike. “At the same time, adversaries are targeting the very AI systems organisations are deploying. Every AI agent is a superhuman identity: autonomous, fast, and deeply integrated, making them high-value targets. Adversaries are treating these agents like infrastructure, attacking them the same way they target SaaS platforms, cloud consoles, and privileged accounts. Securing the AI that powers business is where the cyber battleground is evolving.”

DXC Technology and Boomi partner to redefine enterprise automation with AI, focusing on...
Dealbooster Ai launches its intelligent virtual sales trainer to boost team performance using...
Sage launches an innovative analytics engine to enhance HR decision-making, improve employee...
DFL partners with ServiceNow to enhance Bundesliga's digital landscape, boosting automation and...
Explore the pressing issues faced by IT teams as highlighted in JumpCloud's latest report.
BlueSnap partners with Commerce to enhance BigCommerce B2B Edition with integrated ERP and AR...
m3ter enhances AWS Marketplace support, allowing ISVs to deploy complex pricing models with ease,...
Capacity Europe 2025 returns to London, uniting global digital infrastructure leaders to forge...