Key Takeaways
1. Surge in Cloud-Based Intrusions: There was a 136% increase in cloud-based attacks in the first half of 2025 compared to all of 2024, indicating rapid adaptation by attackers to exploit cloud environments.
2. Complexity of Attacks: Interactive and hands-on keyboard attacks rose by 27% year-over-year, with 73% linked to financially motivated e-crime actors, emphasizing the growth of ransomware-as-a-service models.
4. Rise in Vishing and Social Engineering: Vishing attacks surged by 442% over the course of 2024 and have become a major e-crime strategy, enabling rapid transitions from account takeover to ransomware deployment.
4. National Espionage Threats: There was a 130% increase in nation-state activities targeting telecommunications by actors tied to China, and a 185% rise in government sector intrusions linked to Russian adversaries.
5. Generative AI in Cyber Attacks: Threat actors are using generative AI to create fake identities and breach companies, with a notable increase in attacks by DPRK-aligned groups using AI tools for a range of malicious purposes.
CrowdStrike’s recent 2025 Threat Hunting Report reveals a concerning trend in the evolving threat environment. Between January and June 2025, the OverWatch team noted a remarkable 136 percent increase in cloud-based intrusions compared to all of 2024. This rapid escalation illustrates how quickly attackers are learning to exploit workloads, services, and control-plane assets within public and hybrid-cloud setups.
Rising Complexity of Intrusions
Interactive, hands-on-keyboard intrusions are also becoming more prevalent and more sophisticated. CrowdStrike recorded a 27 percent year-over-year rise in these intrusions, with 73 percent attributed to financially motivated e-crime actors, underscoring the profitability of ransomware-as-a-service models and access-broker marketplaces.
Vishing and Social Engineering Tactics
Voice phishing, commonly known as vishing, has rapidly emerged as a major e-crime strategy. From the first half to the second half of 2024, attacks surged by 442 percent, and in the first six months of 2025, these incidents have already exceeded the previous year’s total. Groups such as SCATTERED SPIDER are adept at using social-engineering techniques along with stolen credentials to transition from initial account takeovers to ransomware deployment in just 24 hours, which is 32 percent faster than in 2024.
National Espionage Threats
Concerns about national-level espionage persist. Operators with ties to China contributed to a 130 percent rise in nation-state activities targeting telecommunications, while adversaries linked to Russia were responsible for the majority of the 185 percent increase in intrusions within the government sector. According to CrowdStrike’s analysts, sophisticated actors like BLOCKADE SPIDER and OPERATOR PANDA utilize cross-domain tactics, swiftly moving from identity to endpoint to cloud, allowing them to stay hidden until late in the attack.
The Role of Generative AI
The report highlights generative AI as a key enabler of several campaigns. It singles out the DPRK-aligned group FAMOUS CHOLLIMA, which breached more than 320 companies during this period, an estimated 220 percent year-on-year increase. The group used large-language-model services to produce fake résumés and deepfake identities and to generate real-time answers during job interviews. Once hired, these impostors rely on AI coding assistants and translation tools to hold down multiple remote developer positions while stealing intellectual property.
Recommendations for Enhanced Security
CrowdStrike suggests implementing stronger identity-verification processes during hiring, conducting real-time deepfake checks during interviews, closely monitoring remote access activities, and consistently hunting for threats across identity, endpoint, and cloud telemetry. While defenders are increasingly adopting their own machine-learning systems, the vendor warns that AI models should be trained on reliable, curated data to prevent them from being poisoned or manipulated.