Startups & Business News

Cloud Cyberattacks Surge 136% in 2025: AI and Global Threats Reshape Security

futureTEKnow
August 5, 2025

KEY POINTS

Cloud-based cyberattacks surged 136% in early 2025, with Chinese state-backed hackers responsible for 40% of the increase.
Adversaries weaponize AI for large-scale, malware-free intrusions and now directly target enterprise AI systems and autonomous agents.
North Korean and Chinese groups lead innovation, using generative AI for deepfake recruitment, persistent espionage, and supply chain exploits.
Ransomware deployment is faster than ever, driven by aggressive social engineering and AI automation.

The Cloud Under Siege: 136% Intrusion Spike

The first half of 2025 has seen an explosive 136% increase in cloud intrusions compared to the entire year before—a figure that has set off alarms across the cybersecurity landscape. This is not a slow-burning evolution; it’s a dramatic shift in cyberwarfare tactics powered by the widespread adoption of artificial intelligence (AI) and the willingness of state-aligned groups and eCrime actors to push into new digital battlegrounds.

Security experts warn: “Every AI agent is a superhuman identity: autonomous, fast, and deeply integrated, making them high-value targets.” The implication? Traditional security strategies won’t cut it in a world where machine identities can be hijacked at scale.

Chinese Threat Groups: Strategic and Persistent

Chinese cyber espionage groups, notably Genesis Panda and Murky Panda, are at the vanguard of this surge, accounting for 40% of new cloud attacks. These groups have demonstrated exceptional skill in exploiting cloud misconfigurations and weaknesses in trusted relationships—such as those between partners, suppliers, and cloud service providers. Their methods are quietly sophisticated: establishing persistence, moving laterally, and harvesting credentials to exfiltrate sensitive data over the long term.

This marks a critical inflection point. Chinese adversaries are leveraging stealthier, bolder, and more automated operations, regularly targeting sectors ranging from telecommunications to finance.

The Rise of AI-Powered, Malware-Free Intrusions

CrowdStrike reports that 81% of interactive intrusions are now malware-free, up 27% from 2024. Instead of relying on traditional malicious software, attackers manually exploit cloud and identity systems—often without leaving a trace for antivirus programs to catch.

Generative AI has turbocharged these operations. North Korea’s Famous Chollima group stands out for using GenAI to generate fake résumés, engineer deepfake video interviews, and even deliver technical work through bogus identities. Over 320 organizations fell victim to them in just one year—a staggering 220% increase in successful infiltrations.

This hands-on-keyboard approach transforms classic insider threats into scalable, persistent campaigns. The margins for error have shrunk sharply, and adversaries can deploy custom tactics instantly.

Scattered Spider: Ransomware at Machine Speed

The Scattered Spider eCrime group, already notorious for big-game ransomware and data extortion, has upped the ante—moving from initial credential theft to full ransomware deployment in under 24 hours (32% faster than in 2024). Their weapons of choice? Voice phishing (vishing) and help desk impersonation, techniques designed to bypass multifactor authentication and exploit human factors within organizations.

In the first half of 2025 alone, vishing attacks far surpassed all of 2024, registering a phenomenal 442% increase during the previous year’s back half.

Now Targeting: AI Infrastructure

It’s not just that adversaries are using AI—the battlefront now includes AI agents and infrastructure as prime targets. Threat actors have actively exploited tools for building enterprise AI, stealing credentials, dropping malware, and in some cases, even compromising autonomous workflows at the heart of business operations.

Security experts warn: “Every AI agent is a superhuman identity: autonomous, fast, and deeply integrated, making them high-value targets.” The implication? Traditional security strategies won’t cut it in a world where machine identities can be hijacked at scale.

Defending Against the New Cyber Onslaught

CrowdStrike’s report issues a clarion call:

Adopt phishing-resistant multifactor authentication to block the deluge of social engineering attempts.
Strengthen help desk protocols—the new weak link in cloud credential defense.
Integrate real-time monitoring for anomalous activity spanning cloud, identity, and AI agent systems.

Organizations must shift from static defenses to proactive, AI-driven cybersecurity frameworks—embracing automation not just for business, but for relentless defense.

2025 marks the year cyberattacks became faster, smarter, and more relentless—driven by a perfect storm of AI innovation and global threat actor collaboration. The message for technology companies and enterprises is clear: When adversaries move this quickly and adaptively, security must not just keep up, but stay a step ahead.

futureTEKnow is a leading source for Technology, Startups, and Business News, spotlighting the most innovative companies and breakthrough trends in emerging tech sectors like Artificial Intelligence (AI), Robotics, and the Space Industry.

Become a contributor

Find out how

Discover the companies and startups shaping tomorrow — explore the future of technology today.