Developments in artificial intelligence are driving not just spending in the technology sector but also an increase in cyber attacks against the sector – and it’s China that’s the major culprit.
The new findings are courtesy of CrowdStrike’s 2026 Technology Threat Landscape Report, which was released overnight and reveals that state-backed Chinese hackers were behind 58 per cent of all intrusions targeting technology companies.
“Technology organisations are building the most valuable and most targeted assets in the world. Every AI breakthrough creates a competitive advantage and new attack surface at the same time,” Adam Meyers, CrowdStrike’s head of counter adversary operations, said in a statement.
“China runs cyber espionage as an industrial policy to try to close the AI innovation gap, demonstrating that AI capabilities are the prize adversaries are after. Whether you’re building AI or adopting it, security has to be built in from the start.”
One password-spraying campaign alone, conducted by the China-nexus threat actor Murky Panda, targeted more than 340 technology firms in the United States.
China’s not alone in driving cyber attacks targeting the sector, however. The North Korean-backed Famous Chollima group was observed using AI to enhance fake personas, alongside front companies based in the US, to embed operatives inside tech companies. In the DPRK’s case, though, the motive isn’t technology theft but rather siphoning wages to fuel the country’s weapons programs.
Of course, while state-based activity is rife, so too is criminal activity targeting the sector.
Sixty-five per cent of all attacks on the sector were financially motivated, while the number of initial access brokers selling access to tech firms rose by almost 30 per cent to 277. Similarly, threat actors known for big game hunting named 572 tech companies on darknet extortion sites.
Again, artificial intelligence is a key driver. But while countries like China are endeavouring to acquire the technology, cyber criminal groups are already taking advantage of it. According to CrowdStrike, AI-generated scripts are being used at scale to erase evidence and dump credentials, leading to faster attack cycles and less time for network defenders to respond.
But perhaps most worryingly, threat actors are accelerating their targeting of vital code repositories.
“The DPRK actor Stardust Chollima compromised the Axios NPM package, which is downloaded 100 million times each week, and exposed millions of downstream users and open-source supply chains,” CrowdStrike said.
“Separately, prior to CrowdStrike’s disruption of the Glassworm botnet, malware operators compromised 350 GitHub repositories to inject malicious code into JavaScript and Python projects, targeting software development ecosystems.”
David Hollingworth