A new report out today from CrowdStrike Holdings Inc. has revealed a dramatic escalation in adversary sophistication, with cloud-focused attacks, identity-driven intrusions and generative artificial intelligence adoption driving a major shift in the cybersecurity threat landscape.
The findings come from the CrowdStrike 2025 Threat Hunting report, based on a year of data through June 30 from the company’s OverWatch managed threat hunting operations, threat intelligence team and telemetry across the CrowdStrike Falcon platform. The report is being released to coincide with the annual Black Hat USA 2025 conference this week in Las Vegas.
Headlining the report was a finding that interactive intrusions rose 27% year-over-year between July 2024 and June 2025, with a highly surprising 81% of attacks found to be malware-free. CrowdStrike said the shift away from leading with malware signals a move toward stealthier techniques such as credential abuse, lateral movement and defense evasion.
Formal adversaries, such as e-crime groups and advanced persistent threat groups, were found to have accounted for 73% of all interactive intrusions. Groups such as Scattered Spider and Curly Spider are running high-volume campaigns across multiple sectors.
Cloud environments remained a popular target, with CrowdStrike observing a 136% increase in cloud intrusions in the first half of 2025 alone, compared with all of 2024.
The observed threat groups were found to demonstrate advanced tactics such as exploiting misconfigurations, abusing instance metadata services and using cloud control planes for lateral movement and persistent access. One group, Genesis Panda, was found to be using cloud infrastructure to host payloads and exfiltrate data, highlighting the growing sophistication of allegedly state-aligned attackers.
The government and telecommunications sectors were also popular targets. The report detailed a 185% spike in government-targeted attacks, largely driven by Russia-linked groups such as Primitive Bear and a 130% jump in telecommunications intrusions. The sectors were found to remain high-value targets due to their access to sensitive data, infrastructure and potential downstream impact.
The report also, and not surprisingly, highlights the increasingly strategic use of generative AI by adversaries. The North Korea-linked hacking group Famous Chollima emerged as the most generative AI-proficient actor, conducting more than 320 insider threat operations in the past year. Operatives from the group reportedly used AI tools to craft compelling resumes, generate real-time deepfakes for video interviews and automate technical work across multiple jobs.
Scattered Spider, which made headlines in 2024 when one of its key members was arrested in Spain, returned in 2025 with voice phishing and help desk social engineering that bypasses multifactor authentication protections to gain initial access.
In one case highlighted in the report, Scattered Spider operatives moved from account compromise to ransomware deployment in just 24 hours, 32% faster than their average in 2024. The group’s ability to compromise privileged accounts and pivot across software-as-a-service platforms, identity systems and cloud infrastructure is said in the report to reflect a growing trend of adversaries exploiting cross-domain blind spots.
The report makes a number of recommendations, including advising organizations to implement phishing-resistant MFA, isolate privileged accounts and strengthen help desk protocols to guard against social engineering. Organizations are also advised to implement continuous monitoring, if they haven’t done so already, to detect anomalous behavior such as unusual login times, privilege escalations and atypical data access.
Image: News/Reve
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
News Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of News, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — News Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, News Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
