CrowdStrike 2026 Technology Threat Landscape Report: China’s Ambitions Fuel Attacks

___ Blog Featured Recent Video Category Start Free Trial CrowdStrike 2026 Technology Threat Landscape Report: China’s Ambitions Fuel Attacks China-nexus adversaries accounted for more than 58% of state-sponsored targeted intrusions against the technology sector. June 09, 2026 • Counter Adversary Operations • Threat Hunting & Intel The technology sector has, for the past several years, been the most targeted industry among eCrime and state-sponsored adversaries whose motivations span financial gain, long-term intelligence collection, and industrial espionage. Modern tech companies are building the world’s most valuable and targeted assets. Their cutting-edge innovations, now including AI, represent competitive advantage and heightened risk. Adversaries are taking aim, and defenders that understand them are best equipped to stop them.  The CrowdStrike 2026 Technology Threat Landscape Report, based on intelligence from the CrowdStrike Counter Adversary Operations team, details the trends and events that defined the technology threat landscape from April 1, 2025 through March 31, 2026. Its analysis reveals which adversaries target tech entities, and the methods they use, so organizations can prepare to face an evolving threat landscape.; Learn more: Download the CrowdStrike 2026 Technology Threat Landscape Report Nation-State Adversaries Set Sights on Technology Based on observed targeting patterns, more than 58% of state-sponsored targeted intrusions were attributed to China-nexus adversaries, which also posed the greatest intelligence collection threat to tech organizations. Adversaries including MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA, and WARP PANDA targeted the tech sector more than any other industry. Their operations appear to be driven by interest in technology development, intellectual property, and information aligning with the Chinese Communist Party’s intelligence collection goals. According to CrowdStrike threat intelligence, China’s strategic imperative is to achieve technological self-sufficiency and competitive advantage in key emerging technologies, so AI capabilities are likely a high-value target for them. In addition to this data, China-nexus adversaries seek access to downstream customer environments that can enable supply chain compromise.  Instances of China-nexus cyber activity against the tech sector: SUNRISE PANDA consistently targeted tech entities in East and Southeast Asia, particularly mail infrastructure that may provide access to government communications. MURKY PANDA conducted password-spraying attacks against more than 340 primarily U.S.-based organizations across sectors, with tech among the most affected.  WARP PANDA repeatedly targeted North American tech organizations, where they exploited vulnerabilities and maintained persistent access. China-nexus adversaries aren’t the only nation-state actors infiltrating tech companies. CrowdStrike observed the Democratic People’s Republic of Korea (DPRK) adversaries including FAMOUS CHOLLIMA, LABYRINTH CHOLLIMA, and STARDUST CHOLLIMA also targeted the technology sector — historically a key target for DPRK insider threat activity due to remote, high-salary roles.  FAMOUS CHOLLIMA accounted for 47% of all state-sponsored hands-on-keyboard operations against the tech sector, meaning they were most active in manual operations over traditional malware. In their IT worker infiltration campaigns, they sought fraudulent employment at tech companies across North America, Europe, and Asia. Our findings indicate their primary motivation is financial gain; revenue from these attacks goes toward the regime. DPRK-nexus adversaries also pursued supply chain compromise: STARDUST CHOLLIMA compromised the Axios npm package, downloaded 100 million times per week, in operations that likely exposed millions of downstream users and poisoned open-source supply chains.  eCrime Adversaries Accelerate Extortion Operations Tech entities are a key target for eCrime adversaries due to opportunities to disrupt operations and their vast stores of monetizable information. eCrime activity made up 65% of hands-on-keyboard operations targeting tech. Initial access brokers advertised access to 277 technology companies, a nearly 30% increase that indicates heightened demand for identity-driven access.  Most big game hunting (BGH) activity targeted North America-based technology entities. BGH adversaries named 572 technology organizations on dedicated leak sites for extortion, far surpassing other sectors. In the same time frame, BGH adversaries named only 16 law enforcement and nine defense organizations.  Instances of eCrime activity against the tech sector: Multiple eCrime threat actors used OpenClaw-related lures to distribute malware, exploiting the surge in AI adoption. A February 2026 campaign distributed a new macOS information stealer via fake OpenClaw skills. The Crimson Collective group claimed to access and steal data from the private code repositories of a software development company; they purportedly accessed 570GB of data across 28,000 projects. An unknown threat actor operating Glassworm malware compromised 350 GitHub repositories to inject malicious code. The technology sector is one of the most, if not the most, persistently targeted industries in the global threat landscape. Tech organizations must be aware of threats to best prepare to face them. The CrowdStrike 2026 Technology Threat Landscape Report provides CrowdStrike’s observations of the themes and trends that defined this sector. Download the full report to understand how today’s adversaries are targeting tech and how to strengthen defenses.  Additional Resources Learn more about CrowdStrike Counter Adversary Operations threat intelligence and threat hunting. Tune in to the Adversary Universe podcast, where CrowdStrike reveals the threat actors behind the latest cyberattacks.  Dive deeper into topics like this at Fal.Con 2026 with expert-led sessions, hands-on training, and real-world insights. CrowdStrike 2026 Global Threat Report AI threats have reached a critical turning point. Access the definitive look at the cyber threat landscape. Download Related Content Threat Hunting & Intel | May 26, 2026 Disrupting Glassworm: Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet Threat Hunting & Intel | May 14, 2026 Now Live: The CrowdStrike 2026 Financial Services Threat Landscape Report Threat Hunting & Intel | May 06, 2026 CrowdStrike Named a Leader in the First-Ever Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies Categories Agentic SOC 52 Cloud & Application Security 144 Data Security 24 Endpoint Security & XDR 357 Engineering & Tech 87 Executive Viewpoint 180 Exposure Management 120 From The Front Lines 204 Next-Gen Identity Security 71 Next-Gen SIEM & Log Management 113 Public Sector 42 Securing AI 36 Threat Hunting & Intel 219 CrowdStrike Falcon Platform Ready to protect your business? Try CrowdStrike free today Start free trial Subscribe Sign up now to receive the latest notifications and updates from CrowdStrike Subscribe See CrowdStrike Falcon in action Explore demos Copyright © 2026 CrowdStrike Privacy Request Info Blog Contact Us 1.888.512.8906 Accessibility Privacy Preference Center Privacy Preference Center Your Privacy Strictly Necessary Cookies Performance Cookies Functional Cookies Targeting Cookies Your Privacy When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences, or your device, and is mostly used to make the site work as you expect. The information does not usually identify you directly, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to learn more and change our default settings. Blocking some types of cookies may impact your experience of the site and the services we are able to offer. More information Strictly Necessary Cookies Always Active These cookies are necessary for the website to function and cannot be switched off in our systems. They may be set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies may process limited personal information, such as technical or device identifiers, where necessary to ensure the security, functionality, and integrity of the website or web portal. Such processing is strictly limited to what is required for these purposes and is not used for advertising or marketing. Cookies Details Performance Cookies Performance Cookies These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore does not identify you. If you do not allow these cookies, your visit to our website will not be included in our analytics, and our ability to monitor website performance and make improvements will be reduced. Cookies Details Functional Cookies Functional Cookies These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. Cookies Details Targeting Cookies Targeting Cookies These cookies may be set on our site by our advertising partners. They assign a unique identifier to your browser or device and may track your activity across sites to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will still see ads, but they may be less relevant to you. Cookies Details Cookie List Consent Leg.Interest checkbox label label checkbox label label checkbox label label Clear checkbox label label Apply Cancel Confirm My Choices Allow All