Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo

Threat groups move at record speeds, as AI helps scale attacks

A report by CrowdStrike shows cybercrime groups are outpacing security teams and increasingly abusing legitimate tools.

Published Feb. 24, 2026
David Jones's headshot
Reporter
CrowdStrike's super-sized statue of the threat group it calls Scattered Spider on the show floor at Black Hat on August 8, 2024.
CrowdStrike's booth on the show floor at Black Hat in Las Vegas on Aug. 8, 2024, included a a super-sized statue of the threat group it calls Scattered Spider. Matt Kapko/Cybersecurity Dive

Threat actors are using AI to add speed and scale to their hacking toolkits and setting records for attack speeds that increasingly outpace security teams, according to a report released Tuesday from CrowdStrike.  

The average e-crime breakout reached 29 minutes in 2025, a 65% increase in speed from the prior year, according to the report. The fastest observed breakout time in 2025 was only 27 seconds, compared with 51 seconds the prior year. 

Researchers define breakout time as the period between initial intrusion until an adversary is able to move onto another system. In one particular case, hackers were able to exfiltrate data within four minutes of gaining initial access.

CrowdStrike researchers see the reduction in breakout time as placing additional pressure on security teams to be able detect and respond to attacks. He compared the role of network defenders to security guards in a building lobby.

“If that threat actor gets past the guard and they get into the elevator, now they have to go floor to floor and door to door to figure out every place that adversary went,” Adam Meyers, head of counter adversary operations, at CrowdStrike said during a conference call. “What did they touch? What did they get into?”

Threat groups are also abusing legitimate AI tools as part of their attacks. About 90 organizations were impacted by hackers dropping malicious prompts into these tools in order to steal credentials or steal cryptocurrency. 

Nation-state and criminal groups increased their use of AI by about 90%, according to the report. For example, state-linked threat group Fancy Bear used AI-enabled malware called LameHug to automate document collection and reconnaissance activity. 

A cybercrime actor tracked as Punk Spider used AI-generated scripts to erase forensic evidence and accelerate credential dumping. Famous Chollima, a North Korea-linked threat actor, used AI-generated personas for insider attacks.

The report confirms growing fears about threat groups adding AI tools to scale up attacks. In November, Anthropic reported a China-linked adversary abused its AI-based coding tool in a global espionage campaign that hit 30 different organizations.

Filed Under: Strategy, Threats

Editors' picks

Company Announcements

View all | Post a press release
CyberFOX Named a 2026 Best Place to Work by the Tampa Bay Business Journal
From CyberFOX
February 24, 2026
CyberFOX logo
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Se…
From EC-Council
February 11, 2026
EC-Council logo
100 Telcos, 1.6 Billion Users, 700 % Growth – Whalebone to Become the Fastest-Growing Cybersec…
From Whalebone
February 09, 2026
Whalebone logo
Editors' picks
Latest in Strategy
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell