A report warns about the threats that loom over the AI ​​technology sector from China and Korea

The technology sector is being the target of cybercriminal groups linked to China and actors related to North Korea with the objective, on the one hand, of steal Artificial Intelligence (AI) capabilities, and on the other, to channel income to the Korean regime.

The 2026 Tech Threats report published by CrowdStrike has revealed some details about the current state of the cybersecurity attack landscape “on the technology organizations that are building the most valuable assets but most attacked in the world,” according to the head of CrowdStrike’s Counter-Adversary Operations group, Adam Meyers.

The document reveals that espionage campaigns against technological organizations are intensifying with the aim of steal AI capabilities and intellectual property that they cannot develop fast enough for themselves. “Every advance in Artificial Intelligence simultaneously generates a competitive advantage and a new attack surface,” says Meyers.

The report states that China-linked cybercriminal groups have been responsible for more than 58 percent of intrusions State-sponsored attacks against the technology sector.

Some of the groups are named as MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA y WARP PANDAwhich are the ones that tend to attack the technology sector most frequently.

MURKY PANDA, in an articulated campaign that affected 340 US entities, used ‘password spraying’, a hacking technique that is based on testing very common passwords (like “March2026!” or “Password2026!”) in a giant list with thousands of emails until someone is logged in.

As far as North Korea is concerned, there are people who have been able to infiltrate professionals with remote jobs in technology companies using AI. The group is called FAMOUS CHOLLIMA and with the use of AI-powered identities, it accounted for 47 percent of all state-sponsored interactive intrusions against the sector.

Its objective was to channel illicit income, which went directly to the weapons programs and missiles of the North Korean regime.

The report also draws a framework in which financial motivation practically represents the bulk of attacksreaching 65 percent of all interactive operations. Likewise, it highlights that the groups that have based their extortion on ‘ransomware’ (digital data kidnapping) have published the names of 572 technological entities on filter sites dedicated to this crime.

In fact, A close example of this ‘modus operandi’ was recently suffered by the video game company Rockstar Games.when a group of hackers managed to breach its servers to steal the entire commercial strategy of GTA Online. The attackers started a countdown by threatening to release all sensitive data for free if the company did not pay the demanded ransom.

The CrowdStrike report also highlights the specialization of cybercrime groups, that use ‘scripts’ generated by AI to extract credentials and delete forensic evidence, or how they take advantage of the possible vulnerabilities faced by OpenClaw (the open source artificial intelligence virtual assistant) with fake extensions with which they are capable of stealing information on systems under macOS.

STARDUST CHOLLIMA, another of North Korea’s state cyber espionage groups, compromised NPM’s Axios package, which was downloaded 100 million times a week. This meant the potential exposure of millions of indirect users and contamination of the open source software supply chain.

At a time when China has put AI models (DeepSeek, Kimi and others) on the table as an open source alternative at much lower costs than the closed solutions that come from the West from AI laboratories such as Anthropic or OpenAI, Meyers states that “China uses cyber espionage as an industrial policy to try to close the AI ​​innovation gap“.