The Cloud Under Siege: 136% Intrusion Spike
The first half of 2025 has seen an explosive 136% increase in cloud intrusions compared to the entire year before—a figure that has set off alarms across the cybersecurity landscape. This is not a slow-burning evolution; it’s a dramatic shift in cyberwarfare tactics powered by the widespread adoption of artificial intelligence (AI) and the willingness of state-aligned groups and eCrime actors to push into new digital battlegrounds.
Security experts warn: “Every AI agent is a superhuman identity: autonomous, fast, and deeply integrated, making them high-value targets.” The implication? Traditional security strategies won’t cut it in a world where machine identities can be hijacked at scale.
Chinese Threat Groups: Strategic and Persistent
Chinese cyber espionage groups, notably Genesis Panda and Murky Panda, are at the vanguard of this surge, accounting for 40% of new cloud attacks. These groups have demonstrated exceptional skill in exploiting cloud misconfigurations and weaknesses in trusted relationships—such as those between partners, suppliers, and cloud service providers. Their methods are quietly sophisticated: establishing persistence, moving laterally, and harvesting credentials to exfiltrate sensitive data over the long term.
This marks a critical inflection point. Chinese adversaries are leveraging stealthier, bolder, and more automated operations, regularly targeting sectors ranging from telecommunications to finance.
The Rise of AI-Powered, Malware-Free Intrusions
CrowdStrike reports that 81% of interactive intrusions are now malware-free, up 27% from 2024. Instead of relying on traditional malicious software, attackers manually exploit cloud and identity systems—often without leaving a trace for antivirus programs to catch.
Generative AI has turbocharged these operations. North Korea’s Famous Chollima group stands out for using GenAI to generate fake résumés, engineer deepfake video interviews, and even deliver technical work through bogus identities. Over 320 organizations fell victim to them in just one year—a staggering 220% increase in successful infiltrations.
This hands-on-keyboard approach transforms classic insider threats into scalable, persistent campaigns. The margins for error have shrunk sharply, and adversaries can deploy custom tactics instantly.
Scattered Spider: Ransomware at Machine Speed
The Scattered Spider eCrime group, already notorious for big-game ransomware and data extortion, has upped the ante—moving from initial credential theft to full ransomware deployment in under 24 hours (32% faster than in 2024). Their weapons of choice? Voice phishing (vishing) and help desk impersonation, techniques designed to bypass multifactor authentication and exploit human factors within organizations.
In the first half of 2025 alone, vishing attacks far surpassed the total for all of 2024, with a phenomenal 442% increase registered during the second half of the previous year.
Now Targeting: AI Infrastructure
It’s not just that adversaries are using AI: the battlefront now includes AI agents and infrastructure as prime targets. Threat actors have actively exploited tools for building enterprise AI to steal credentials, drop malware, and, in some cases, even compromise autonomous workflows at the heart of business operations.
Defending Against the New Cyber Onslaught
CrowdStrike’s report issues a clarion call:
Adopt phishing-resistant multifactor authentication to block the deluge of social engineering attempts.
Strengthen help desk protocols—the new weak link in cloud credential defense.
Integrate real-time monitoring for anomalous activity spanning cloud, identity, and AI agent systems.
Organizations must shift from static defenses to proactive, AI-driven cybersecurity frameworks—embracing automation not just for business, but for relentless defense.
2025 marks the year cyberattacks became faster, smarter, and more relentless—driven by a perfect storm of AI innovation and global threat actor collaboration. The message for technology companies and enterprises is clear: When adversaries move this quickly and adaptively, security must not just keep up, but stay a step ahead.