Blab Tech
CrowdStrike Report Identifies China-Linked Hackers as Top Espionage Threat to U.S. Tech Firms
In a June 9 2026 threat‑intelligence release, CrowdStrike Holdings, Inc. identified China‑linked hacking groups as the dominant source of espionage activity against U.S. technology companies over the past year.
The study, covering April 1 2025 through March 31 2026, zeroed in on attacks targeting firms that research, develop, or distribute computer hardware, semiconductors, software, and related IT services. While the report does not single out individual companies, it makes clear that the attacks were aimed at organizations involved in advanced technology development and intellectual property that hold strategic and economic value.
According to the findings, the technology sector remained the most targeted industry by both foreign governments and cybercriminals. Chinese state‑aligned actors carried out the largest volume of espionage campaigns, a pattern the report says aligns with the Chinese government’s strategic priorities, including the acquisition of technology and information that could support national development goals.
“These findings come at a time of heightened investment in artificial intelligence (AI) and the emergence of an ‘AI arms race’ between the United States and China,” said Adam Meyers, CrowdStrike’s senior vice president of counter‑adversary operations.
A related development came on April 23 2026, when the White House Office of Science and Technology Policy (OSTP) accused China‑based entities of running “industrial‑scale” campaigns to covertly copy U.S. AI models for their own use. The OSTP highlighted a recent example in which a foreign actor extracted a frontier AI model from a U.S. company. Meyers noted that the threat extends to both large research laboratories and smaller, domain‑specific model developers.
The Chinese Embassy in Washington responded to the CrowdStrike report by rejecting the allegations. A spokesperson said China opposes hacking activities and that the country would fight such actions in accordance with the law. The embassy also urged cooperation between the United States and China on AI development and governance, citing constructive exchanges between the two nations’ leaders during a recent visit.
Beyond China, the report identified significant threats from other state‑aligned actors. North Korean hacking groups were described as posing a major risk through a scheme that uses fake identities to secure remote IT positions at technology companies. The workers’ salaries are funneled back to the Pyongyang government, and their inside access provides a foothold for intelligence gathering.
Russian and Iran‑linked hacking groups were also noted for targeting U.S. and other nations’ technology sectors. Their activities include intelligence collection and, at times, destructive malware attacks. The report also documented a 30 % increase in advertisements from financially motivated cybercriminal groups that sell access to technology firms.
The findings underscore the continued prominence of the technology industry as a target for espionage and cybercrime. CrowdStrike’s analysis suggests that the convergence of AI development and high‑value intellectual property makes tech firms especially attractive to state‑sponsored actors.
Regulatory and policy responses are still unfolding. The OSTP’s April 23 statement signals a potential shift toward stricter oversight of AI model export and collaboration. Meanwhile, the Chinese Embassy’s comments indicate that diplomatic channels remain open for dialogue on cybersecurity cooperation.
At present, no specific companies have been named in the report, and the Chinese government has not confirmed or denied the allegations. CrowdStrike’s data points to a broader trend of increased cyber‑espionage activity that aligns with geopolitical competition, particularly in the AI domain. The report’s release comes as the U.S. and its allies continue to assess the security implications of rapid AI deployment and the potential for state actors to leverage stolen models.
The situation remains fluid. Future updates from CrowdStrike, additional statements from U.S. and Chinese officials, and any forthcoming regulatory measures will shape the evolving threat landscape for technology firms.
The study, covering April 1 2025 through March 31 2026, zeroed in on attacks targeting firms that research, develop, or distribute computer hardware, semiconductors, software, and related IT services. While the report does not single out individual companies, it makes clear that the attacks were aimed at organizations involved in advanced technology development and intellectual property that hold strategic and economic value.
According to the findings, the technology sector remained the most targeted industry by both foreign governments and cybercriminals. Chinese state‑aligned actors carried out the largest volume of espionage campaigns, a pattern the report says aligns with the Chinese government’s strategic priorities, including the acquisition of technology and information that could support national development goals.
“These findings come at a time of heightened investment in artificial intelligence (AI) and the emergence of an ‘AI arms race’ between the United States and China,” said Adam Meyers, CrowdStrike’s senior vice president of counter‑adversary operations.
A related development came on April 23 2026, when the White House Office of Science and Technology Policy (OSTP) accused China‑based entities of running “industrial‑scale” campaigns to covertly copy U.S. AI models for their own use. The OSTP highlighted a recent example in which a foreign actor extracted a frontier AI model from a U.S. company. Meyers noted that the threat extends to both large research laboratories and smaller, domain‑specific model developers.
The Chinese Embassy in Washington responded to the CrowdStrike report by rejecting the allegations. A spokesperson said China opposes hacking activities and that the country would fight such actions in accordance with the law. The embassy also urged cooperation between the United States and China on AI development and governance, citing constructive exchanges between the two nations’ leaders during a recent visit.
Beyond China, the report identified significant threats from other state‑aligned actors. North Korean hacking groups were described as posing a major risk through a scheme that uses fake identities to secure remote IT positions at technology companies. The workers’ salaries are funneled back to the Pyongyang government, and their inside access provides a foothold for intelligence gathering.
Russian and Iran‑linked hacking groups were also noted for targeting U.S. and other nations’ technology sectors. Their activities include intelligence collection and, at times, destructive malware attacks. The report also documented a 30 % increase in advertisements from financially motivated cybercriminal groups that sell access to technology firms.
The findings underscore the continued prominence of the technology industry as a target for espionage and cybercrime. CrowdStrike’s analysis suggests that the convergence of AI development and high‑value intellectual property makes tech firms especially attractive to state‑sponsored actors.
Regulatory and policy responses are still unfolding. The OSTP’s April 23 statement signals a potential shift toward stricter oversight of AI model export and collaboration. Meanwhile, the Chinese Embassy’s comments indicate that diplomatic channels remain open for dialogue on cybersecurity cooperation.
At present, no specific companies have been named in the report, and the Chinese government has not confirmed or denied the allegations. CrowdStrike’s data points to a broader trend of increased cyber‑espionage activity that aligns with geopolitical competition, particularly in the AI domain. The report’s release comes as the U.S. and its allies continue to assess the security implications of rapid AI deployment and the potential for state actors to leverage stolen models.
The situation remains fluid. Future updates from CrowdStrike, additional statements from U.S. and Chinese officials, and any forthcoming regulatory measures will shape the evolving threat landscape for technology firms.
