CrowdStrike Report Warns of AI-Powered Cyber Threats in 2025

AI Weaponization on the Rise

Adversaries are increasingly weaponizing AI to scale operations, accelerate attacks, and target autonomous AI agents in modern businesses. The CrowdStrike 2025 Threat Hunting Report reveals how threat actors are using AI to:

• Automate tasks like malware development and technical problem-solving.
• Gain unauthorized access, steal credentials, and deploy malware.
• Exploit vulnerabilities in AI software to expand the attack surface.

Notably, FAMOUS CHOLLIMA, a DPRK-nexus adversary, infiltrated over 320 companies in the past year—a 220% increase—by using generative AI (GenAI) for resume creation, deepfake video interviews, and AI-powered coding tools.

Cross-Domain Attacks and Cloud Vulnerabilities

Adversaries are bypassing traditional defenses to move across endpoint, identity, cloud, and unmanaged systems. Key findings include:

• SCATTERED SPIDER resurfaced with faster tradecraft, using vishing and help desk impersonation to bypass MFA and deploy ransomware in under 24 hours.
• Cloud intrusions surged 136% in H1 2025 compared to all of 2024, with China-nexus actors like GENESIS PANDA exploiting misconfigurations.
• Identity attacks are critical, with adversaries using stolen PII to impersonate employees and pivot to SaaS applications.

Key Trends and Statistics

The report highlights alarming trends:

• 81% of interactive intrusions were malware-free.
• eCrime accounted for 73% of interactive intrusions.
• Vishing attacks are on track to double in volume by end of 2025.
• Government sector intrusions rose 71% YoY, with targeted intrusions up 185%.

Prolific Threat Actors

CrowdStrike now tracks 265+ named adversaries and 150+ activity clusters, including:

• EMBER BEAR and CHARMING KITTEN: Using GenAI for pro-Russia narratives and phishing lures.
• GLACIAL PANDA: Driving a 130% rise in telecom-sector espionage.

Recommendations and Resources