Chinese Cyber Campaigns Intensify as AI Becomes Strategic Target
As the competition to lead the AI sector accelerates worldwide, cybersecurity firm CrowdStrike says China-linked threat actors are the dominant source of state-sponsored cyber activity targeting tech companies and their AI assets.
According to CrowdStrike’s latest threat intelligence findings, organizations connected to China were responsible for more than 58% of state-backed cyber operations aimed at tech firms during the 12 months ending March 31. The report points to a sustained effort to obtain AI-related intellectual property, research, and technical capabilities from companies developing advanced technologies.
AI is an area of fierce competition between the US and China. Billions of dollars are being invested in LLMs, AI infrastructure, chip development, and specialized computing platforms. As these investments grow, the information and intellectual property surrounding AI systems have become highly attractive targets for cyber espionage.
CrowdStrike said the activity reflects China’s broader technology ambitions and its interest in acquiring strategically valuable information. The cybersecurity company warned that threat groups linked to China are attempting to obtain capabilities that would otherwise require years of research and development.
The tech sector remained the most heavily targeted industry in the report. CrowdStrike’s analysis covered companies involved in software development, semiconductors, hardware manufacturing, IT services, and related tech fields. While the report did not identify specific victims, it described a pattern of activity directed at organizations involved in AI innovation and development.
The company also noted that Chinese-affiliated threat actors targeted government communications networks in Southeast Asia while maintaining long-term access to some North American tech organizations through the exploitation of security weaknesses.
The US has engaged in ongoing efforts to limit China’s access to advanced AI technologies. Restrictions on high-end AI training chips have increased pressure on Chinese firms to develop domestic alternatives. As a result, Chinese AI developers have sought to improve efficiency and reduce costs while continuing to advance model performance.
Recent concerns about AI-related intellectual property have extended beyond traditional cyberattacks. OpenAI and Anthropic recently alleged that Chinese organizations were extracting valuable competitive information from U.S. AI firms. Industry observers note that distinguishing between legitimate competitive research and improper acquisition of technical information can be difficult in some cases.
Attacks From Outside China
CrowdStrike also highlighted threats originating outside China. North Korean operators continue to pursue tech companies through fraudulent employment schemes, according to the report. In these campaigns, individuals using false identities seek remote IT positions inside organizations across North America, Europe, and Asia. The salaries generated from those jobs are believed to support the North Korean government, while the positions can also provide opportunities for intelligence gathering.
Groups linked to Russia and Iran remain active as well, continuing to target tech organizations for intelligence gathering and disruptive cyber operations.
Beyond nation-state threats, cybercriminals are increasing their focus on the tech sector. CrowdStrike reported a 30% rise in advertisements from threat actors offering access to compromised organizations, signaling growing organized crime interest in tech infrastructure and sensitive data.
