CrowdStrike: Tech Is World’s Most Targeted Industry as China Steals AI

The technology sector has become the world’s most targeted industry for cyberattacks, with China-nexus adversaries driving more than 58% of all state-sponsored intrusions against tech firms as Beijing accelerates efforts to acquire AI capabilities and intellectual property it cannot build fast enough, according to CrowdStrike’s 2026 Technology Threat Landscape Report.

The report, based on frontline intelligence from CrowdStrike’s Counter Adversary Operations tracking more than 280 named adversaries, identifies five key threat vectors reshaping the risk environment for technology organisations globally — with Southeast Asia and Indonesia specifically named in active campaign disclosures.

China-nexus actors dominate state-sponsored intrusions

Five China-aligned threat groups — MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA, and WARP PANDA — targeted technology organisations more than any other industry in the period covered. MURKY PANDA’s password-spraying campaign alone impacted more than 340 US-based entities.

SUNRISE PANDA conducted sustained, multi-year operations targeting technology entities across East and Southeast Asia. The group compromised a Southeast Asian technology provider’s Zimbra email infrastructure in an attempt to access downstream government communications — a supply-chain intrusion technique designed to extend reach beyond the initial target.

DPRK operatives embed inside tech firms using AI

FAMOUS CHOLLIMA, a DPRK-nexus group, used AI-enhanced personas and US front companies to secure remote IT roles inside technology firms, accounting for 47% of all state-sponsored interactive intrusions against the sector. Revenue generated flows directly to North Korea’s weapons programmes. Separately, STARDUST CHOLLIMA compromised the Axios NPM package — downloaded 100 million times per week — likely exposing millions of downstream users. In October 2025, a likely STARDUST CHOLLIMA operative posing as a recruiter from fictitious firm Veltrix Capital conducted video interviews with an employee of an Indonesia-based technology entity, ultimately tricking them into installing a malicious Node.js dependency.

eCrime accounts for 65% of interactive operations

Financially motivated attacks accounted for 65% of all interactive operations against the sector. Initial access brokers advertised access to 277 technology organisations — a nearly 30% increase — while 572 technology entities were named on dedicated leak sites for extortion. eCrime groups also weaponised AI to generate credential-dumping scripts and erase forensic evidence at machine speed, collapsing defenders’ response windows.

“Technology organizations are building the most valuable and most targeted assets in the world. Every AI breakthrough creates a competitive advantage and new attack surface at the same time. China runs cyberespionage as industrial policy to try to close the AI innovation gap, demonstrating that AI capabilities are the prize adversaries are after. Whether you’re building AI or adopting it, security has to be built in from the start,” said Adam Meyers, head of counter adversary operations at CrowdStrike.
