CrowdStrike’s Threat Hunting Report: AI-Driven Cyber Threats

Adam Meyers, Senior Vice President of Counter Adversary Operations at CrowdStrike
CrowdStrike’s 2025 Threat Hunting Report says that cyber threats have intensified as adversaries adopt AI, and offers insights for enterprises

Although AI was once billed as cyber’s next great opportunity for protecting organisations from malicious actors, it is now one of the industry’s biggest existential risks.

CrowdStrike’s 2025 Threat Hunting Report paints a picture of evolving cyber threats in which adversaries are exploiting the same AI tools that enterprises are adopting.

It finds that cyber criminals have weaponised Gen AI to deceive, penetrate and maintain persistence within enterprise environments at rapid pace and scale.

This year, the report conveys an “arms race” in cyber operations, with both eCrime and nation state actors adopting Gen AI to accelerate speed, scale and deception in their attacks.

CrowdStrike’s insights on AI-driven cyber threats

CrowdStrike’s report provides a concerning view of the modern challenges facing cybersecurity through the lens of AI advancements.


Over the past year, interactive intrusions — characterised by active breaches where attackers modify tactics in real time — have increased by 27%. This, CrowdStrike notes, shows the ability of adversaries to innovate in order to evade legacy detection methods.

An intriguing statistic from CrowdStrike reveals that 81% of these intrusions were malware-free, with threat actors increasingly posing as legitimate users within networks rather than deploying detectable tooling.

eCrime, primarily motivated by financial profit, constitutes nearly three-quarters of these intrusions, while nation state adversaries are leveraging AI to conduct espionage and access sensitive information.

Transformation through Gen AI

Gen AI, according to CrowdStrike, plays a central role in transforming cyber threats today.

Adam Meyers, CrowdStrike's Head of Counter Adversary Operations

North Korea-linked FAMOUS CHOLLIMA is particularly notable, as its operatives employ Gen AI to create synthetic résumés, perform deepfake interviews and utilise AI code assistants for technical tasks while assuming fake identities.

In the past year alone, more than 320 companies were infiltrated — a 220% surge — with many never realising the insider threat was enhanced by AI.

These North Korean IT operatives conceal language deficiencies and juggle multiple roles, relying on Gen AI tools for communication and task management, frequently bypassing detection during recruitment and daily tasks.

The scope of AI's influence also extends beyond insider threats, with Russian and Iranian adversaries exploiting large language models (LLMs) to generate persuasive phishing bait and information operations.

Through AI-crafted campaigns, misinformation is amplified, exemplified by Russian EMBER BEAR’s pro-Kremlin narratives and Iran-linked CHARMING KITTEN’s multilingual phishing schemes targeting Western organisations.

An infographic detailing findings from CrowdStrike's 2025 Threat Hunting Report

Furthermore, CrowdStrike highlights a new phase for malware, identifying cases like FunkLocker and SparkCat, where AI aids in automating script creation, resolving technical issues and selecting images for exfiltration.

Re-evaluating cyber defence mechanisms

A potentially concerning development identified by CrowdStrike is the diminishing effectiveness of conventional cyber defences.

The report uncovers methods employed by groups such as SCATTERED SPIDER, who sidestep endpoint detection entirely.

These tactics involve impersonating employees in vishing — voice phishing — attacks, exploiting support channels to reset passwords and multi-factor authentication and quickly moving through cloud and SaaS infrastructures.

In a significant case, this group managed to proceed from initial account breach to executing ransomware within 24 hours — 33% faster than their previous best rate the prior year.
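One defensive correlation a SOC could run over the chain just described (a help-desk credential or MFA reset followed shortly by a cloud sign-in from a device the user has never used), as an added example that is not from the report or this article; the event format, field names and sample records are constructed for the demo:

```python
# Added example, not CrowdStrike's code: flag accounts where a help-desk
# password/MFA reset is followed within a short window by a successful
# cloud sign-in from a never-before-seen device. Event schema is constructed.
from datetime import datetime, timedelta

# Constructed sample events (deliberately out of order to exercise sorting).
EVENTS = [
    {"ts": "2025-03-10T09:02:00", "type": "helpdesk_mfa_reset", "user": "j.doe", "actor": "helpdesk-02"},
    {"ts": "2025-03-10T09:09:00", "type": "cloud_signin", "user": "j.doe", "device": "new", "result": "success"},
    {"ts": "2025-03-11T08:15:00", "type": "cloud_signin", "user": "a.smith", "device": "known", "result": "success"},
    {"ts": "2025-03-10T10:30:00", "type": "helpdesk_password_reset", "user": "a.smith", "actor": "helpdesk-01"},
    {"ts": "2025-03-10T11:00:00", "type": "cloud_signin", "user": "k.lee", "device": "new", "result": "success"},
]

# Help-desk actions that change a user's credentials or second factor.
RESET_TYPES = {"helpdesk_mfa_reset", "helpdesk_password_reset"}


def parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def find_reset_then_new_device(events, window=timedelta(hours=2)):
    """Return (user, reset_ts, signin_ts) for every help-desk reset that is
    followed, within `window`, by a successful cloud sign-in from a new device.
    Events are sorted first because log shippers rarely deliver them in order."""
    ordered = sorted(events, key=lambda e: parse(e["ts"]))
    recent_resets = {}  # user -> timestamp of that user's most recent reset
    hits = []
    for ev in ordered:
        t = parse(ev["ts"])
        if ev["type"] in RESET_TYPES:
            recent_resets[ev["user"]] = t
        elif (ev["type"] == "cloud_signin" and ev.get("result") == "success"
              and ev.get("device") == "new"):
            reset_at = recent_resets.get(ev["user"])
            if reset_at is not None and timedelta(0) <= t - reset_at <= window:
                hits.append((ev["user"], reset_at.isoformat(), t.isoformat()))
    return hits


if __name__ == "__main__":
    for user, reset_at, signin_at in find_reset_then_new_device(EVENTS):
        print(f"ALERT {user}: help-desk reset at {reset_at}, new-device cloud sign-in at {signin_at}")
```

In production the "new device" flag would come from the identity provider's sign-in log and the reset events from the ticketing system, and the window should be tuned against how quickly legitimate users re-enrol after a reset.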


According to CrowdStrike, cloud environments have now become primary targets.

The first half of 2025 witnessed a 136% surge in cloud intrusions, with China-linked actors such as GENESIS PANDA and MURKY PANDA taking advantage of misconfigurations and trusted relationships to move between organisations.

Telecommunications firms, in particular, have endured a 130% increase in nation-state activity, as attackers pursue extensive intelligence-gathering missions that are both enduring and severely impactful.

Given this picture, CrowdStrike advocates revising defensive strategy.

Organisations are encouraged to integrate AI defensively, utilising AI not merely as a detection tool, but to deploy systems capable of autonomous analysis of alerts, investigation of indicators and threat hunting across endpoints, cloud and identity platforms.

Additionally, user education and process resilience are emphasised as vital: help desks and employees must be equipped to recognise social engineering efforts that now combine human cunning with AI precision.
