CrowdStrike, the cybersecurity company, says China-linked hackers represented the largest espionage threat to technology companies over the 12 months covered in its latest report, a period marked by intense investment activity around artificial intelligence.
The report, which spans April 1, 2025 to March 31, 2026, finds that Chinese-aligned campaigns are consistent with Beijing’s strategic priorities and show persistent interest in technology development, intellectual property and information with strategic or economic worth. CrowdStrike singled out technology companies that research, develop or distribute computer hardware and technology, IT services and consulting, semiconductors and software as the most frequently targeted sectors.
CrowdStrike did not provide names of specific companies targeted in its analysis. The firm said the profile of attacks aligns with a broader global push to secure AI capabilities, and noted that both major frontier laboratories and smaller, domain-specific model developers are at risk.
Adam Meyers, CrowdStrike’s senior vice president and head of counter adversary operations, framed the activity in stark terms: he said there is an AI arms race between the U.S. and China and that China aims for global dominance by 2030. Meyers emphasized that the heightened threat environment includes both high-profile AI research centers and niche model developers.
On April 23, the White House Office of Science and Technology Policy accused China-based entities of carrying out "deliberate, industrial-scale campaigns" to covertly appropriate U.S.-developed AI models for their own use, a point that underscores the report’s concern about AI-related targets.
A spokesperson for the Chinese Embassy in Washington responded by saying, "China opposes hacking activities and fights such activities in accordance with the law," and rejected what the spokesperson called "vilification and smears under the pretext of cybersecurity." The embassy representative also said China and the U.S. need to collaborate on AI development and governance, and noted that during Trump’s recent visit "the two heads of state had constructive exchanges on AI and agreed to launch government-to-government dialogue on AI."
The report highlights threats beyond China. North Korean actors were described as posing a major threat, in particular through a scheme in which operatives use fabricated identities to obtain remote IT positions at technology companies. According to the report, the salaries for those workers are largely routed back to the Pyongyang government, and the insiders’ roles create footholds for intelligence collection inside targeted companies.
Russian and Iran-linked groups were also reported as active against the technology sector in the U.S. and other countries, engaging in intelligence-gathering operations and, in some instances, deploying destructive malware. CrowdStrike’s analysis further notes a notable uptick in financially motivated cybercrime aimed at technology firms during the same period.
The company recorded a 30% rise in advertising by hackers selling access to various targets, an indicator of growing criminal market activity that complements state-aligned operations. This increase reflects a broader trend in which both espionage-focused and profit-driven actors see technology firms as high-value objectives.
In sum, the report paints a multi-faceted threat landscape for the technology sector: state-linked actors, including those associated with China, North Korea, Russia and Iran, continue to pursue intelligence and disruptive operations, while cybercriminal groups increasingly buy and sell access to corporate networks. The findings arrive as AI-related investments and valuations remain elevated, reinforcing the sector’s attractiveness to hostile actors.