1 hour ago
2
Chinese state-linked hackers posed the biggest espionage threat to technology companies over the past year, particularly in the artificial intelligence (AI) and intellectual property (IP) sectors, according to a new report from cybersecurity firm CrowdStrike.
The “Technology Threat Landscape” report, published on June 9, aimed to provide a deep dive into the latest threats targeting the global technology sector, which it described as “the most targeted sector” by electronic crime (eCrime).
“The technology sector remains a top target for eCrime and state-sponsored adversaries,” said CrowdStrike. “Cutting-edge innovation, valuable IP, and a central role in trusted digital ecosystems makes the industry attractive for financial gain, intelligence collection, supply chain access, and ransomware operations.”
Among the key findings of the report was that, between April 1, 2025, and March 31, 2026, North America-based technology organizations experienced the highest level of targeting from both cybercrime and state-sponsored threat actors, accounting for 45% of all “hands-on-keyboard” intrusions targeting the sector.
China seeking competitive advantage
The United States has the world’s largest and most valuable tech market; it is no surprise that it bore the brunt of the attacks. What is more telling is where these attacks originated, which accounted for many of the report’s other key findings.
“Among state-sponsored threat actors, China-nexus adversaries posed the highest intelligence collection threat to technology entities,” read the report. “Their operations aligned with the People’s Republic of China (PRC)’s strategic priorities. Their activity is driven by sustained interest in technology development, intellectual property, and information with strategic and economic value that aligns with the Chinese Communist Party (CCP)’s intelligence collection priorities.”
China is the world’s second-most-valuable tech market, which may suggest that these seeming state-linked corporate espionage cyberattacks are part of a concerted effort to close the gap with the U.S. tech sector and regain a competitive edge.
This is certainly a view shared by the White House Office of Science and Technology Policy, which said in an April 23 memorandum that “foreign entities, principally based in China, are engaged in deliberate, industrial-scale campaigns to distill U.S. frontier AI systems.”
In the letter, Michael Kratsios, Assistant to the President for Science and Technology Director at the Office of Science and Technology Policy, went on to accuse China of “leveraging tens of thousands of proxy accounts to evade detection and using jailbreaking techniques to expose proprietary information.”
He warned that “these coordinated campaigns systematically extract capabilities from American AI models, exploiting American expertise and innovation.”
However, a spokesperson for the Chinese Embassy in Washington swiftly denied allegations of state-led corporate espionage, saying, “China opposes hacking activities and fights such activities in accordance with the law.”
As reported by Reuters, the spokesperson rejected the “vilification and smears under the pretext of cybersecurity” and suggested that China and the U.S. need to work together on AI development and governance, adding that during President Donald Trump’s recent visit to China, “the two heads of state had constructive exchanges on AI and agreed to launch government-to-government dialogue on AI.”
This week’s CrowdStrike report appears to contradict China’s protestations but also suggests that the Eastern superpower isn’t the only source of global cyberthreats in the tech sector.
Rogue states seeking recourse
Russia, Iran, and North Korea, three of the most sanctioned countries in the world, accounted for a significant proportion of the cyberthreats, according to the report. These states may have different motivations and tactics—North Korea focusing on IT worker infiltration and supply chain compromise, to boost state coffers and fund missile programs; while the U.S.-Iran conflict has shifted the latter’s operations from espionage toward disruption and destruction, but the results amount to a heightened threat to the global tech sector.
When it comes to North Korea, CrowdStrike particularly highlighted the infamous state-linked “FAMOUS CHOLLIMA” threat actor, known for conducting “extensive IT worker infiltration operations” and targeting the technology sector through fraudulent employment at technology entities across North America, Europe, and Asia.
The report noted that their operations alone accounted for 47% of all state-sponsored hands-on-keyboard operations targeting the technology sector during the reporting period.
Meanwhile, CrowdStrike suggested that Russian and Iranian attackers “likely share some overlapping motives for targeting the U.S. technology sector, including achieving access for conducting future intelligence operations and supporting their own domestic technology development.”
Whatever the motivation, the result is the same; thus, technology firms need to improve their defenses and responses to attacks.
CrowdStrike rounded off its report by offering five recommendations for technology firms to protect themselves in this most targeted of sectors: defend against social engineering, fraudulent employment, and identity abuse; secure developer workflows and the software supply chain; eliminate blind spots across cloud, email, and virtual infrastructure; prepare for data theft, extortion, and disruptive operations; and prioritize intelligence-led defense and proactive hunting.
Watch: AI Is a Must-Have for Businesses
English (US) · 