Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo
Dive Brief

IT sector faces growing threats from IP-hungry China, AI-enabled cybercriminals

Businesses also need to watch out for North Korean remote IT worker schemes, according to a new CrowdStrike report.

Published June 9, 2026
Eric Geller's headshot
Senior Reporter
A Chinese flag flutters in front of a Chinese government building, on top of which other Chinese flags are flying
The Great Hall of the People in Beijing, China, is seen on March 10, 2025. A new report described how Beijing was avidly focused on hacking into IT firms to siphon off their intellectual property. Kevin Frayer via Getty Images

Dive Brief:

  • Chinese government-linked hackers represent the most serious threat to companies in the IT sector, CrowdStrike said Tuesday in an annual report about the IT threat landscape.
  • Between April 2025 and March 2026, cyber operatives working for Beijing targeted the technology sector more than any other, according to CrowdStrike’s report, “likely in response to Beijing’s strategic imperative to achieve technological self-sufficiency and competitive advantage in critical emerging technologies.”
  • The new report also describes threats from North Korea, cybercrime gangs and other adversaries.

Dive Insight:

CrowdStrike’s report catalogs the many threat actors that launched significant cyberattacks against the IT sector during the report’s 12-month data collection period, many of them longtime hacker groups that have menaced the sector for years.

Significant China-linked operations include Sunrise Panda’s attacks on “a Southeast Asian technology entity that provides Zimbra solutions to downstream government customers,” Murky Panda’s password-spraying campaign against Microsoft Azure customers (which CrowdStrike said affected more than 340 mostly U.S.-based organizations in a range of sectors) and Warp Panda’s exploitation of VMware vulnerabilities to deploy the Brickstorm malware.

“Technology entities in general serve as a strategic target for China-nexus adversaries,” CrowdStrike analysts wrote, “because access to such entities provides high-value intelligence collection as well as access to downstream customer environments that can enable potential supply chain compromises.”

North Korean actors were also laser-focused on the IT sector. In addition to its remote IT worker schemes, Pyongyang exploited trust relationships between open-source developers to poison widely used packages, enabling far-reaching espionage campaigns. CrowdStrike recounted how North Korean operatives tricked developers into cloning malware-infected Git repositories that enabled the hackers to penetrate macOS and Linux computers.

While China’s activities were worrisome because of their sophistication, North Korea’s were notable because of their volume, CrowdStrike said. One North Korea-linked group, Famous Chollima, was responsible for 47% of all government-linked cyberattacks on IT firms.

Cybercrime activity during the reporting period included Scattered Spider and ShinyHunters attacks, as well as the relatively new group Crimson Collective’s hack of Red Hat Consulting, which allegedly compromised 570 GB of data that included sensitive customer infrastructure and configuration information.

Cybercrime accounted for 65% of attacks on the IT sector during the reporting period, CrowdStrike said. Hacker gangs claimed to be extorting 572 technology companies on their leak websites, while dark-web forums advertised compromises of 277 technology companies, an increase of almost 30% over the previous year. (The forums advertised 4,550 compromises overall.)

AI fueled cybercriminals’ activity, as they used automated tools to generate credential-collection scripts and erase forensic evidence more quickly than defenders could preserve it. Poorly secured AI platforms have also created openings for threat actors. In the first few months of 2026, multiple criminal groups distributed malware — including a new macOS information stealer called Skrawl — using weaknesses in the AI agent OpenClaw.

CrowdStrike said IT firms in North America bore the brunt of cyberattacks during the reporting period, accounting for 45% of intrusions within the sector and 49% of extortion victims posted to data-leak websites.

Editors' picks

Company Announcements

View all | Post a press release
DeVry University Earns Top 12 National Ranking in Spring 2026 National Cyber League Competition
From DeVry University
May 28, 2026
DeVry University logo
360 Privacy Expands Senior Leadership as Threats to Executives and High-Profile Individuals Gr…
From 360 Privacy
May 21, 2026
360 Privacy logo

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Strategy
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell