惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

雷峰网
雷峰网
Security Archives - TechRepublic
Security Archives - TechRepublic
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Last Week in AI
Last Week in AI
博客园 - 司徒正美
阮一峰的网络日志
阮一峰的网络日志
WordPress大学
WordPress大学
爱范儿
爱范儿
J
Java Code Geeks
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research
人人都是产品经理
人人都是产品经理
宝玉的分享
宝玉的分享
博客园 - 【当耐特】
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Help Net Security
Help Net Security
Hacker News: Ask HN
Hacker News: Ask HN
月光博客
月光博客
S
Secure Thoughts
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 聂微东
Hugging Face - Blog
Hugging Face - Blog
V
Visual Studio Blog
博客园 - 三生石上(FineUI控件)
O
OpenAI News
酷 壳 – CoolShell
酷 壳 – CoolShell
N
News and Events Feed by Topic
腾讯CDC
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Webroot Blog
Webroot Blog
博客园 - Franky
有赞技术团队
有赞技术团队
美团技术团队
Jina AI
Jina AI
S
Security @ Cisco Blogs
博客园 - 叶小钗
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园_首页
C
CERT Recently Published Vulnerability Notes
T
Threat Research - Cisco Blogs
Project Zero
Project Zero
A
Arctic Wolf
大猫的无限游戏
大猫的无限游戏
Latest news
Latest news
小众软件
小众软件
IT之家
IT之家
S
Security Affairs

Blog

CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike Why AI Projects Stall and How CIOs Can Respond | CrowdStrike CrowdStrike Leads 2026 Frost Radar for Cloud Runtime Security CrowdStrike Expands Identity Leadership with OpenID and IDPro June 2026 Patch Tuesday: Updates and Analysis | CrowdStrike CrowdStrike and Zscaler Bring Continuous Identity Security to Zero Trust Access 3 Principles to Safely Scale Agentic AI | CrowdStrike ISO 42001:2023 and the New Reality of Cloud AI Data Risk How to Stop AI-Driven Data Loss | CrowdStrike CrowdStrike and NVIDIA Bring Enterprise-Grade Security to AI Factory CrowdStrike and NVIDIA Collaboration Scales AI-Native Agents Secure Shadow AI at the Control Plane with Falcon for IT CrowdStrike Named Leader in 2026 Gartner Magic Quadrant for Endpoint Protection Shadow AI: The Hidden Risk Expanding Across the Enterprise CrowdStrike Named a Leader in Identity Threat Detection and Response Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet Measuring AI-Enabled Success: 3 Trackable KPIs New Claude Integration Brings Audit Data to Falcon Platform How to Protect Identities and Sessions from Infostealers Now Live: CrowdStrike 2026 Financial Services Threat Landscape Report Falcon AIDR Detects Threats at Prompt Layer in Kubernetes AI Apps May 2026 Patch Tuesday: Updates and Analysis | CrowdStrike AI Threat Detection with Automated Leads | CrowdStrike CrowdStrike Named a Leader in Gartner Magic Quadrant for Cyberthreat Intelligence CrowdStrike Launches Falcon OverWatch for Defender CrowdStrike Technical Risk Assessments Reveal Common Exposure Patterns Tune In: The Future of AI-Powered Vulnerability Discovery Defending Against CORDIAL SPIDER and SNARKY SPIDER CrowdStrike Expands ChatGPT Enterprise Integration CrowdStrike Named a Leader in 2026 Frost & Sullivan Radar for CNAPP CrowdStrike Expands Real-Time CDR to Google Cloud CrowdStrike Falcon Cloud Security Delivers 264% ROI CrowdStrike Falcon Platform Achieves 441% ROI in Three Years CrowdStrike Introduces Shadow AI Visibility Service How Defenders Must Respond to Frontier AI | CrowdStrike Frontier AI for Defenders: CrowdStrike and OpenAI TAC April 2026 Patch Tuesday: Updates and Analysis | CrowdStrike How CrowdStrike Accelerates Exposure Evaluation Against Threats | Blog STARDUST CHOLLIMA Likely Compromises Axios npm Package Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Detecting CVE-2026-20929: Kerberos Relay Attack via DNS CNAME Abuse How Charlotte AI Agentworks Fuels Security's Agentic Ecosystem CrowdStrike Flex for Services Expands Access to Elite Security Expertise Falcon Data Security Secures Data Wherever It Lives and Moves CrowdStrike Advances CNAPP with Adversary-Informed Risk Prioritization CrowdStrike Services and Agentic MDR Put Agentic SOC in Reach
CrowdStrike 2026 Report: China Fuels Attacks on Tech
Counter Adversary Operations · 2026-06-09 · via Blog

The technology sector has, for the past several years, been the most targeted industry among eCrime and state-sponsored adversaries whose motivations span financial gain, long-term intelligence collection, and industrial espionage.

Modern tech companies are building the world’s most valuable and targeted assets. Their cutting-edge innovations, now including AI, represent competitive advantage and heightened risk. Adversaries are taking aim, and defenders that understand them are best equipped to stop them. 

The CrowdStrike 2026 Technology Threat Landscape Report, based on intelligence from the CrowdStrike Counter Adversary Operations team, details the trends and events that defined the technology threat landscape from April 1, 2025 through March 31, 2026. Its analysis reveals which adversaries target tech entities, and the methods they use, so organizations can prepare to face an evolving threat landscape.;

Learn more: Download the CrowdStrike 2026 Technology Threat Landscape Report

Nation-State Adversaries Set Sights on Technology

Based on observed targeting patterns, more than 58% of state-sponsored targeted intrusions were attributed to China-nexus adversaries, which also posed the greatest intelligence collection threat to tech organizations. Adversaries including MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA, and WARP PANDA targeted the tech sector more than any other industry.

Their operations appear to be driven by interest in technology development, intellectual property, and information aligning with the Chinese Communist Party’s intelligence collection goals. According to CrowdStrike threat intelligence, China’s strategic imperative is to achieve technological self-sufficiency and competitive advantage in key emerging technologies, so AI capabilities are likely a high-value target for them. In addition to this data, China-nexus adversaries seek access to downstream customer environments that can enable supply chain compromise. 

Instances of China-nexus cyber activity against the tech sector:

  • SUNRISE PANDA consistently targeted tech entities in East and Southeast Asia, particularly mail infrastructure that may provide access to government communications.
  • MURKY PANDA conducted password-spraying attacks against more than 340 primarily U.S.-based organizations across sectors, with tech among the most affected. 
  • WARP PANDA repeatedly targeted North American tech organizations, where they exploited vulnerabilities and maintained persistent access.

China-nexus adversaries aren’t the only nation-state actors infiltrating tech companies. CrowdStrike observed the Democratic People’s Republic of Korea (DPRK) adversaries including FAMOUS CHOLLIMA, LABYRINTH CHOLLIMA, and STARDUST CHOLLIMA also targeted the technology sector — historically a key target for DPRK insider threat activity due to remote, high-salary roles. 

FAMOUS CHOLLIMA accounted for 47% of all state-sponsored hands-on-keyboard operations against the tech sector, meaning they were most active in manual operations over traditional malware. In their IT worker infiltration campaigns, they sought fraudulent employment at tech companies across North America, Europe, and Asia. Our findings indicate their primary motivation is financial gain; revenue from these attacks goes toward the regime.

DPRK-nexus adversaries also pursued supply chain compromise: STARDUST CHOLLIMA compromised the Axios npm package, downloaded 100 million times per week, in operations that likely exposed millions of downstream users and poisoned open-source supply chains. 

eCrime Adversaries Accelerate Extortion Operations

Tech entities are a key target for eCrime adversaries due to opportunities to disrupt operations and their vast stores of monetizable information. eCrime activity made up 65% of hands-on-keyboard operations targeting tech. Initial access brokers advertised access to 277 technology companies, a nearly 30% increase that indicates heightened demand for identity-driven access. 

Most big game hunting (BGH) activity targeted North America-based technology entities. BGH adversaries named 572 technology organizations on dedicated leak sites for extortion, far surpassing other sectors. In the same time frame, BGH adversaries named only 16 law enforcement and nine defense organizations. 

Instances of eCrime activity against the tech sector:

  • Multiple eCrime threat actors used OpenClaw-related lures to distribute malware, exploiting the surge in AI adoption. A February 2026 campaign distributed a new macOS information stealer via fake OpenClaw skills.
  • The Crimson Collective group claimed to access and steal data from the private code repositories of a software development company; they purportedly accessed 570GB of data across 28,000 projects.
  • An unknown threat actor operating Glassworm malware compromised 350 GitHub repositories to inject malicious code.

The technology sector is one of the most, if not the most, persistently targeted industries in the global threat landscape. Tech organizations must be aware of threats to best prepare to face them. The CrowdStrike 2026 Technology Threat Landscape Report provides CrowdStrike’s observations of the themes and trends that defined this sector. Download the full report to understand how today’s adversaries are targeting tech and how to strengthen defenses. 

Additional Resources