
A new CrowdStrike threat hunting report has exposed the rise of "enterprising adversaries" who are leveraging artificial intelligence and sophisticated social engineering to launch increasingly devastating cyberattacks, with cloud intrusions skyrocketing by 136% in the first half of 2025 alone.
The cybersecurity firm's 2025 Threat Hunting Report reveals that 81% of interactive intrusions were malware-free, demonstrating how attackers are evolving beyond traditional detection methods.
These "hands-on-keyboard" attacks increased 27% year-over-year, with cybercriminals accounting for 73% of all interactive intrusions.
AI Becomes the New Weapon of Choice
The report identifies North Korean threat group FAMOUS CHOLLIMA as the most AI-proficient adversary, using generative AI tools throughout their operations. "FAMOUS CHOLLIMA IT workers use GenAI to create attractive résumés for companies, reportedly use real-time deepfake technology to mask their true identities in video interviews, and leverage AI code tools to assist in their job duties," the report states.
These operatives infiltrated over 320 companies in the last 12 months—a staggering 220% increase—by automating every stage of fraudulent employment schemes, from crafting synthetic identities to managing multiple simultaneous jobs.

Voice Phishing Attacks Explode
Perhaps most alarming is the explosion in voice phishing (vishing) attacks, which increased 442% from the first to the second half of 2024. These attacks have already surpassed 2024's total volume in just the first half of 2025, with cybercriminal group SCATTERED SPIDER leading the charge.
Figure: Vishing attacks observed by month, January 2024 to June 2025 (image by CrowdStrike).
SCATTERED SPIDER has accelerated their operations dramatically, moving from account takeover to ransomware deployment in just 24 hours—32% faster than their 2024 pace. The group specializes in help desk social engineering, impersonating legitimate employees to trick IT support into resetting passwords and multi-factor authentication.
Cloud Environments Under Siege
China-nexus adversaries have become particularly adept at cloud exploitation, with a 40% increase in cloud-conscious intrusions attributed to Chinese threat actors. Groups like GENESIS PANDA and MURKY PANDA are leveraging cloud infrastructure for command and control, data exfiltration, and establishing persistent access.
Defensive Recommendations
CrowdStrike recommends that organizations implement phishing-resistant multi-factor authentication, deploy cross-domain visibility tools, and adopt AI-powered security solutions to counter these evolving threats. The report emphasizes that traditional perimeter defenses are insufficient against adversaries who exploit human vulnerabilities and operate across multiple domains simultaneously.