Skip to main content
TechnologyJul 7, 2026· 3 min read

The Tech Sector is the Primary Target of Cyber Attacks: An Analysis by CrowdStrike

The technology sector is currently the most exposed industry to cyber attacks. The reason is easy to understand: tech companies concentrate data, intellectual property, software infrastructures, and increasingly, capabilities related to artificial intelligence. Models, development pipelines, training tools, and skills have become industrial assets to protect and therefore targets to hit.

According to the Technology Threat Landscape Report 2026 by CrowdStrike, Chinese-affiliated actors are intensifying cyber espionage activities against tech companies to steal intellectual property and AI capabilities. Adversaries linked to China are said to be responsible for over 58% of state-sponsored intrusions against the sector.

The report is based on intelligence from CrowdStrike's Counter Adversary Operations team, which monitors more than 280 adversary groups. Among those mentioned are MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA, and WARP PANDA. One single password spraying campaign attributed to MURKY PANDA reportedly impacted over 340 organizations based in the United States.

From Chinese Espionage to Fake North Korean IT Workers

The pressure on the tech sector comes from multiple fronts. On one side, there are Chinese actors primarily interested in technologies and AI capabilities. On the other side, there are groups linked to North Korea, which according to CrowdStrike, are using AI-enhanced fake identities and shell companies to obtain remote IT roles within tech companies.

The case highlighted in the report is FAMOUS CHOLLIMA. Its activities reportedly generated 47% of the state-sponsored interactive intrusions against the sector, with proceeds directed to the North Korean regime's military programs. The criminal component remains very strong as well. eCrime operations accounted for 65% of all interactive intrusions against the tech sector. Initial access brokers have been selling access to 277 tech organizations, with a growth of nearly 30%, while groups specialized in extortion attacks against high-value targets have published the names of 572 tech companies on leak sites.

The Tools Used by Developers Become Targets for Cyber Criminals

The report also notes the increasing use of AI by attackers. CrowdStrike cites AI-generated scripts to steal credentials and erase forensic traces very quickly, reducing the window for intervention by security teams. However, the risk also pertains to development environments. According to CrowdStrike, the Skrawl malware was distributed via fake OpenClaw extensions and counterfeit download sites imitating legitimate AI tools. Another case involves STARDUST CHOLLIMA, which reportedly compromised the NPM Axios package, downloaded about 100 million times a week. Before CrowdStrike intervened on the Glassworm botnets, 350 GitHub repositories would have been compromised to insert malicious code into JavaScript and Python projects.

For tech companies, security no longer only concerns networks, endpoints, and cloud environments. It encompasses the entire chain with which software is written, assembled, distributed, and used. As AI becomes a competitive advantage, it also becomes an attack surface.

"Tech companies are creating the most valuable and targeted assets in the world. Every innovation in AI simultaneously creates a competitive advantage and a new attack surface," comments Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. "China uses cyber espionage as an actual industrial policy to try to bridge the gap in AI innovation. Whether it’s developing AI or adopting it, security must be integrated from the very beginning.