China-Linked Groups Responsible for 58% of State-Sponsored Tech Intrusions, CrowdStrike Finds

The technology sector absorbed more than half of all state-sponsored cyber intrusions over the past year, and China-nexus groups are behind most of them, according to a new report from CrowdStrike. The security firm attributed 58% of targeted state-backed attacks on tech companies to China-linked adversaries between April 2025 and March 2026. Those groups, the report says, are chasing one thing above all: artificial intelligence.

AI as the prize

CrowdStrike frames the campaign as a deliberate industrial-policy play. “China runs cyberespionage as an industrial policy to try to close the AI innovation gap,” said Adam Meyers, the company’s head of counter-adversary operations. Beijing has publicly stated its goal of global AI leadership by 2030, and the report argues that espionage is one of the tools it is using to get there. AI capabilities, CrowdStrike notes, are the highest-value intelligence collection target for these adversaries.

Five named threat groups

The report identifies five clusters under the broader China-nexus umbrella: MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA, and WARP PANDA. Each operates differently, but the scale is notable. MURKY PANDA alone ran a password-spraying operation that hit more than 340 US-based entities. Password spraying — trying common passwords across many accounts at once — is a brute-force method that can work when basic credential hygiene is weak.

Why the tech sector is the target

The concentration on tech firms is not accidental. CrowdStrike says the drivers include US-China decoupling, sanctions enforcement, and economic espionage — all of which make intellectual property, especially around AI, a prime objective. The firm expects China-linked groups to keep prioritizing technology organizations for at least the next 12 months. That timeline suggests the espionage is coordinated and sustained, not opportunistic.

A window for countermeasures

Anthropic, the AI company, has argued that Washington could lock in a 12- to 24-month advantage over China by imposing tighter curbs on chip smuggling, offshore data centers, and a technique called model distillation — essentially stealing an AI model’s capabilities by querying it. Whether US policy will move fast enough to close those gaps remains an open question. For now, tech companies are left to defend against a steady stream of intrusions aimed at the very technologies they are racing to develop.