CrowdStrike Discloses Explosive Growth in Cloud, Identity, and AI-Driven Intrusions

Cyber adversaries are evolving into enterprising operators, blending stealth, speed, and AI-driven tactics to outpace traditional defenses. The CrowdStrike 2025 Threat Hunting Report exposes how these sophisticated actors exploit cloud environments, identities, and generative AI to launch cross-domain attacks.

According to CrowdStrike, cybersecurity experts observed a sharp rise in sophisticated attacks, with interactive intrusions increasing by 27% year-over-year, and 81% of them being malware-free. eCrime dominated the landscape, accounting for 73% of these intrusions, while cloud attacks surged by 136% in early 2025 compared to all of 2024. China-nexus actors drove a 40% increase in cloud-focused attacks, and vishing attacks surpassed last year’s totals within the first half of 2025.

Adversaries are no longer focusing on single domains; they now operate across identity, endpoint, and cloud environments. These threat actors leverage stealth and speed to evade traditional defenses. For instance, China-based groups have been involved in long-term telecom espionage, and others are exploiting cloud misconfigurations for rapid gains.

Generative AI in cyber operations

The CrowdStrike 2025 Threat Hunting Report indicates that generative AI has become a powerful tool for attackers. AI tools allow them to design convincing phishing campaigns, create synthetic identities, and even develop malware. Earlier this year, CrowdStrike observed that various threat actors exploited an unauthenticated code injection vulnerability (CVE-2025-3248) in Langflow AI. Langflow is a popular tool that allows developers to build AI agents and workflows.

“Threat actors leveraged CVE-2025-3248 against this AI tool to pursue three main objectives: persistence, credential access, and malware deployment,” CrowdStrike explained. “This activity demonstrates that threat actors are viewing AI tools as integrated infrastructure rather than peripheral applications, targeting them as primary attack vectors.”

North Korea-nexus FAMOUS CHOLLIMA leads this trend, which uses AI to generate resumes, deepfake interviews, and assist with coding tasks. This group leveraged generative AI to infiltrate over 320 companies, which is a 220% YoY increase.

Identity exploitation in cross-domain attacks

This report also highlighted that hackers exploit weaknesses in human and process-driven identity verification to move laterally across environments. These identity-based breaches often lead to cross-domain attacks. In one incident, an eCrime group, SCATTERED SPIDER, accelerated ransomware deployment to 24 hours post-initial access. This group relies heavily on vishing and help desk impersonation to steal credentials, bypass multifactor authentication (MFA), and gain persistence.

After authentication, attackers quickly transition into connected SaaS platforms such as data warehousing, document management, and identity and access management platforms. These entry points enable them to maintain persistence, move laterally across the environment, and extract large volumes of sensitive data.

Recommendations for organizations

CrowdStrike recommends that organizations take a couple of security measures to protect their organizations against cyberattacks.

1. Strengthen identity security

Administrators should implement phishing-resistant MFA (such as hardware tokens), enforce strict password reset procedures, and monitor for unusual authentication patterns across on-premises, cloud, and SaaS environments.

2. Close cross-domain visibility gaps

IT teams need to adopt XDR and next-gen SIEM solutions that unify telemetry from all domains. This enables correlation of suspicious behaviors and faster detection of lateral movement.

3. Defend cloud environments as core infrastructure

Organizations must deploy cloud-native application protection platforms (CNAPP) with detection and response capabilities. It enforces least-privilege access and continuously audits for misconfigurations, exposed APIs, and unused permissions.

4. Prepare for AI-driven threats

Administrators should secure their own AI tools against exploitation, monitor for abnormal usage, and train staff to recognize AI-enhanced social engineering tactics.

5. Build incident readiness

IT teams must maintain isolated backups, rehearse incident response playbooks, and conduct regular tabletop exercises. This ensures rapid containment and recovery in case of security breaches.