CrowdStrike Report: China-Nexus Actors Dominate Tech Sector Cyberattacks
CrowdStrike's 2026 Technology Threat Landscape Report reveals China-nexus adversaries are the primary threat to the technology sector, driven by national ambitions for technological self-sufficiency and intellectual property acquisition.

The technology sector remains a prime target for both financially motivated cybercriminals and state-sponsored actors, whose motivations range from intelligence gathering to industrial espionage. As tech companies push the boundaries of innovation, particularly in areas like Artificial Intelligence (AI), they create valuable assets that attract sophisticated adversaries. Understanding these threats is crucial for effective defense.
The CrowdStrike 2026 Technology Threat Landscape Report, compiled by the CrowdStrike Counter Adversary Operations team, analyzes trends and events from April 2025 to March 2026. It identifies the key adversaries targeting the tech industry and their methodologies, providing essential intelligence for organizations to prepare for an evolving threat landscape. The report highlights that over 58% of state-sponsored intrusions into the tech sector were attributed to China-nexus adversaries, making them the most significant intelligence collection threat.
Adversaries such as MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA, and WARP PANDA have consistently targeted technology companies. Their operations are fueled by China's strategic imperative to achieve technological self-sufficiency and gain a competitive edge in emerging technologies, with AI capabilities being a particularly high-value target. Beyond direct espionage, these actors also seek access to downstream customer environments to facilitate supply chain compromises.
Specific examples of China-nexus activity include SUNRISE PANDA targeting mail infrastructure in East and Southeast Asia for potential access to government communications, MURKY PANDA conducting widespread password-spraying attacks against hundreds of U.S. organizations including tech firms, and WARP PANDA exploiting vulnerabilities in North American tech companies to maintain persistent access.
While China-nexus actors are prominent, other nation-state actors are also active. The Democratic People's Republic of Korea (DPRK), through groups like FAMOUS CHOLLIMA, LABYRINTH CHOLLIMA, and STARDUST CHOLLIMA, targeted the technology sector as well. DPRK adversaries, historically interested in insider threat activity due to remote high-salary roles, were the most active in hands-on-keyboard operations against tech companies. FAMOUS CHOLLIMA, responsible for 47% of these operations, primarily sought financial gain to fund the regime.
DPRK actors also engaged in supply chain attacks, with STARDUST CHOLLIMA compromising the widely used Axios npm package. This operation potentially exposed millions of downstream users and poisoned open-source supply chains, demonstrating a broad impact beyond direct targets.
Beyond nation-state threats, eCrime adversaries are intensifying their extortion operations against the tech sector. The sector's valuable data and operational disruption potential make it an attractive target. eCrime activity accounted for 65% of hands-on-keyboard operations, with initial access brokers advertising access to 277 technology companies, a nearly 30% increase indicating high demand for identity-driven access. Big game hunting (BGH) adversaries disproportionately targeted North American tech organizations, naming 572 tech companies on leak sites for extortion.
The report also notes emerging eCrime tactics, such as the use of OpenClaw-related lures to distribute malware, capitalizing on the surge in AI adoption. A campaign in February 2026 distributed a macOS information stealer via fake OpenClaw skills. Furthermore, threat actors like the Crimson Collective and Glassworm have compromised private code repositories and GitHub repositories, respectively, to steal data and inject malicious code, highlighting the persistent and evolving nature of threats against the technology industry.