Latest news with #2025ThreatHuntingReport
Techday NZ
04-08-2025
- Techday NZ
CrowdStrike report warns of GenAI driving surge in cyberattacks
CrowdStrike has released its 2025 Threat Hunting Report detailing how adversaries are using generative AI (GenAI) to enhance and scale cyberattacks, with a particular focus on emerging threats to autonomous AI systems within enterprises. The report draws on intelligence from CrowdStrike's team of threat hunters and analysts, surveying attacks by over 265 known adversary groups. The findings highlight how attack vectors are evolving with increased automation and use of AI, as well as the targeting of AI-driven systems themselves. AI-powered attacks According to the report, GenAI-built malware is now operational, with lower-tier cybercriminals and hacktivist groups utilising AI to generate scripts, troubleshoot technical issues, and develop new forms of malware. Early examples cited include attacks named Funklocker and SparkCat, which underscore how the barrier to entry for sophisticated cybercrime has been lowered. China-linked adversaries have driven a significant increase in attacks on cloud infrastructure, accounting for 40% of a 136% rise in such incidents during the first half of 2025. The report notes that actors like GENESIS PANDA and MURKY PANDA exploited cloud misconfigurations and access privileges to carry out attacks, while GLACIAL PANDA focused on embedding itself in telecommunications networks, leading to a 130% year-over-year surge in nation-state activity in that sector. Accelerating social engineering Beyond technical exploits, the report outlines how AI is being leveraged to automate social engineering campaigns. FAMOUS CHOLLIMA, a North Korea-linked group, used GenAI to generate fraudulent résumés, create deepfake videos for interviews, and complete technical assignments under assumed identities. This group reportedly infiltrated more than 320 companies worldwide, constituting a 220% year-over-year increase. The report also references Russia-linked EMBER BEAR's amplification of pro-Russia narratives and Iran-linked CHARMING KITTEN's deployment of phishing emails crafted with large language models targeting US and EU organisations. AI agents: A new target The rise of agentic AI - autonomous AI agents handling key business workflows - has created new opportunities for attackers. Several threat actors have reportedly exploited vulnerabilities in the tools used to build and manage these agents. Access was gained through unauthenticated channels, followed by credential harvesting, malware deployment, and ransomware installation. According to CrowdStrike, this marks the emergence of AI systems, and the identities they use, as a key part of the enterprise attack surface. "The AI era has redefined how businesses operate, and how adversaries attack. We're seeing threat actors use GenAI to scale social engineering, accelerate operations, and lower the barrier to entry for hands-on-keyboard intrusions. At the same time, adversaries are targeting the very AI systems organizations are deploying. Every AI agent is a superhuman identity: autonomous, fast, and deeply integrated, making them high-value targets. Adversaries are treating these agents like infrastructure, attacking them the same way they target SaaS platforms, cloud consoles, and privileged accounts. Securing the AI that powers business is where the cyber battleground is evolving," said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. Trend observations The report also highlights the resurgence of the SCATTERED SPIDER group, which has accelerated its use of identity-based attacks across multiple domains. The group's tactics in 2025 included using phone-based social engineering (vishing) and impersonation of help desk personnel to reset credentials, bypass multi-factor authentication measures, and deploy ransomware in less than 24 hours after gaining initial access. CrowdStrike's data shows a clear trend of increased adversary sophistication with the use of AI-enabled tools, not only for direct attacks but also for the exploitation of cloud, SaaS, and AI agent infrastructure. This shift is rapidly transforming both the methods and preferred targets of cybercriminal and nation-state actors. The report suggests that as enterprises further integrate AI agents into their operations, additional security measures are required to safeguard these autonomous, non-human identities and workflows from being compromised or manipulated.
Business Wire
04-08-2025
- Business
- Business Wire
2025 CrowdStrike Threat Hunting Report: Adversaries Weaponize and Target AI at Scale
AUSTIN, Texas & LAS VEGAS--(BUSINESS WIRE)--Black Hat USA 2025-- CrowdStrike (NASDAQ: CRWD) today released the 2025 Threat Hunting Report, highlighting a new phase in modern cyberattacks: adversaries are weaponizing GenAI to scale operations and accelerate attacks – and increasingly targeting the autonomous AI agents reshaping enterprise operations. The report reveals how threat actors are targeting tools used to build AI agents – gaining access, stealing credentials, and deploying malware – a clear sign that autonomous systems and machine identities have become a core part of the enterprise attack surface. CrowdStrike Threat Hunting Report Highlights Based on frontline intelligence from CrowdStrike's elite threat hunters and intelligence analysts tracking more than 265 named adversaries, the report reveals: Adversaries Weaponize AI at Scale: DPRK-nexus adversary FAMOUS CHOLLIMA used GenAI to automate every phase of its insider attack program. From building fake resumes and conducting deepfake interviews to completing technical tasks under false identities – AI-powered adversary tradecraft is transforming traditional insider threats into scalable, persistent operations. Russia-nexus adversary EMBER BEAR used GenAI to amplify pro-Russia narratives and Iran-nexus adversary CHARMING KITTEN deployed LLM-crafted phishing lures targeting U.S. and EU entities. Agentic AI Is the New Attack Surface: CrowdStrike observed multiple threat actors exploiting vulnerabilities in tools used to build AI agents, gaining unauthenticated access, establishing persistence, harvesting credentials, and deploying malware and ransomware. These attacks demonstrate how the agentic AI revolution is reshaping the enterprise attack surface – turning autonomous workflows and non-human identities into the next frontier of adversary exploitation. GenAI-built Malware Becomes Reality: Lower-tier eCrime and hacktivist actors are abusing AI to generate scripts, solve technical problems, and build malware – automating tasks that once required advanced expertise. Funklocker and SparkCat are early proof points that GenAI-built malware is no longer theoretical, it's already operational. SCATTERED SPIDER Accelerates Identity-Based, Cross-Domain Attacks: The group resurged in 2025 with faster and more aggressive tradecraft – leveraging vishing and help desk impersonation to reset credentials, bypass MFA, and move laterally across SaaS and cloud environments. In one incident, the group moved from initial access to encryption by deploying ransomware in under 24 hours. China-nexus Adversaries Drive Continued Surge in Cloud Attacks: Cloud intrusions rose 136%, with China-linked adversaries responsible for 40% of increased activity, as GENESIS PANDA and MURKY PANDA evaded detection through cloud misconfigurations and trusted access. 'The AI era has redefined how businesses operate, and how adversaries attack. We're seeing threat actors use GenAI to scale social engineering, accelerate operations, and lower the barrier to entry for hands-on-keyboard intrusions,' said Adam Meyers, head of counter adversary operations at CrowdStrike. 'At the same time, adversaries are targeting the very AI systems organizations are deploying. Every AI agent is a superhuman identity: autonomous, fast, and deeply integrated, making them high-value targets. Adversaries are treating these agents like infrastructure, attacking them the same way they target SaaS platforms, cloud consoles, and privileged accounts. Securing the AI that powers business is where the cyber battleground is evolving.' Additional Resources: Download the 2025 CrowdStrike Threat Hunting Report. Visit CrowdStrike's Adversary Universe for the internet's definitive source on adversaries. Listen to the Adversary Universe podcast to glean insights into threat actors and recommendations to amplify security practices. To learn more about the 2025 CrowdStrike Threat Hunting Report, read our blog, visit us online, or stop by the CrowdStrike Black Hat booth #2733. About CrowdStrike CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world's most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities. Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value. CrowdStrike: We stop breaches. © 2025 CrowdStrike, Inc. All rights reserved. CrowdStrike and CrowdStrike Falcon are marks owned by CrowdStrike, Inc. and are registered in the United States and other countries. CrowdStrike owns other trademarks and service marks and may use the brands of third parties to identify their products and services.
