The latest report from cybersecurity company CrowdStrike shows the increasing aggression of China-linked cyber operations and the growing use of AI-generated deception in cyberattacks. The report also found that attackers are shifting away from traditional malware, instead using stolen credentials to infiltrate systems undetected.

According to CrowdStrike, China-backed cyber activities surged by 150% in 2024, with targeted attacks on financial services, media, manufacturing, and industrial sectors increasing by as much as 300%. The company identified seven new China-linked cyber groups last year, further fueling espionage efforts.

“China’s increasingly aggressive cyber espionage, combined with the rapid weaponization of AI-powered deception, is forcing organizations to rethink their approach to security,” said Adam Meyers, head of counter adversary operations at CrowdStrike.

Social engineering

AI-driven social engineering has also become a growing threat. The report found a 442% increase in voice phishing, or “vishing,” in the second half of 2024, as cybercriminals used AI to impersonate trusted individuals. Groups such as Curly Spider, Chatty Spider, and Plump Spider used these tactics to steal login credentials and access systems remotely.

Iranian cyber actors have also been using AI to improve their hacking methods, focusing on researching software vulnerabilities and developing exploits.

The report highlights a shift toward malware-free attacks, with 79% of breaches now involving stolen credentials rather than malicious software. Cybercriminals have increasingly relied on access brokers — who sell stolen login details — leading to a 50% increase in such transactions in the past year.

North Korea

North Korean hackers have also been active, with the report linking 304 incidents in 2024 to the DPRK-nexus group Famous Chollima. About 40% of these incidents involved insiders, where hackers posed as legitimate employees to gain access to systems.

Another worrying trend is the speed at which attackers act. The average time for cybercriminals to expand their access within a breached network, known as “breakout time,” has dropped to 48 minutes. The fastest recorded attack took just 51 seconds.

Cloud security remains a major concern, with unauthorized cloud intrusions rising by 26% last year. Attackers primarily exploited valid user accounts to gain access, with 35% of cloud breaches occurring this way.

Unpatched software vulnerabilities also remain a key entry point for cyberattacks, with 52% of exploited weaknesses allowing initial access into systems.

“Adversaries exploit identity gaps, leverage social engineering, and move across domains undetected — rendering legacy defenses ineffective,” Meyers said. “Stopping breaches requires a unified platform powered by real-time intelligence and threat hunting.”
