
CrowdStrike 2025
Threat Hunting Report

320+ orgs infiltrated by DPRK-nexus adversaries using GenAI accelerated attacks

81% of hands-on-keyboard intrusions were malware-free [1]

136% surge in cloud intrusions [2]

Adversaries weaponize and target AI at scale:

  • How adversaries use AI for deception
  • Key insights into hands-on-keyboard attacks
  • Why speed is the adversary’s top advantage

Stop insider threats in the AI era

220% year-over-year increase in organizations infiltrated by FAMOUS CHOLLIMA

AI-enabled adversary tradecraft is transforming traditional insider threats into scalable, persistent operations.

GenAI automates every phase, from building fake resumes and conducting deepfake interviews to completing technical tasks under false identities.

The resurgence of SCATTERED SPIDER

The adversary reemerged with more aggressive identity-based tradecraft – leveraging vishing and help desk impersonation to reset credentials, bypass MFA, and move laterally across SaaS and cloud environments.

2X: Vishing is on track to double last year's volume [3]

Five of the top 10 most commonly used MITRE ATT&CK® techniques were Discovery techniques [1]

Cloud under attack

The cloud is a key battleground. Adversaries are exploiting its scale, sensitive data, and misconfigurations to establish persistence, move laterally, and exfiltrate information — often without triggering alerts.

136% surge in cloud intrusions [2]

40% increase in cloud intrusions attributed to China-nexus adversaries [1]

Traditional defenses are obsolete

The AI era has changed how adversaries operate, and most defenses weren’t built for this reality. Traditional tools were designed for a world of malware and single-domain attacks. Today’s adversaries operate malware-free, navigate across domains at machine speed, and use AI-enabled deception to exploit human trust.

27% increase in hands-on-keyboard intrusions [1]

81% of hands-on-keyboard intrusions were malware-free [1]

Know the adversary. Stop the breach.

Meet the world’s most dangerous adversaries — and the tradecraft they don’t want you to see.

  • SCATTERED SPIDER (eCrime)
  • GLACIAL PANDA (China)
  • FAMOUS CHOLLIMA (North Korea)

Outpace adversaries in the AI era.
Get the 2025 Threat Hunting Report.

Watch the briefing: CrowdStrike 2025 Threat Hunting Report

Get expert insights on this year’s biggest trends — plus, tune in to the Adversary Universe Podcast.

  • Adam Meyers, Sr. VP of Counter Adversary Operations, CrowdStrike
  • Cristian Rodriguez, CTO of Americas, CrowdStrike

FAQs

The report is powered by real-world insights from the CrowdStrike OverWatch team. Our expert threat hunters track the world’s most advanced cyber adversaries 24/7. The CrowdStrike 2025 Threat Hunting Report reflects their front-line findings from active investigations conducted between July 1, 2024, and June 30, 2025.

AI has enabled malware-free tactics, automated lateral movement, and scaled social engineering. Adversaries now operate at machine speed across domains, rendering many traditional defenses obsolete. This is a revolution in adversary operations, and it demands a new approach to security.

While others retrofit AI features onto legacy architectures, the unified, AI-native CrowdStrike Falcon® platform sees across domains in real time, detects malware-free attacks through behavioral analysis, and responds at machine speed. CrowdStrike empowers organizations to detect, disrupt, and stop advanced attacks before they escalate.

1. In the last 12 months

2. In the first half of 2025 compared to all of 2024

3. By the end of 2025