CROWDSTRIKE 2025 THREAT HUNTING REPORT
Read the 2025 report and discover key trends and shifts observed by the CrowdStrike OverWatch team, and required actions organizations must take to defend themselves.
The CrowdStrike 2025 Threat Hunting Report explores the evolving landscape of cyber threats and adversary behavior from July 2024 to June 2025. It emphasizes how sophisticated adversaries are using cross-domain tactics and generative AI (GenAI) to increase attack speed, stealth, and success.
With a sharp increase in cloud-based attacks and identity-driven intrusions, CrowdStrike’s Counter Adversary Operations team works vigilantly to protect thousands of customers. The report outlines the tactics, techniques, and technologies required to proactively detect, disrupt, and defend against these threats. Key insights highlighted in the report include:
Rise of AI-powered attacks - A new wave of adversaries is increasingly operating across cloud, identity, and endpoint environments to evade detection. GenAI is being weaponized for phishing, deepfakes, and malware development, notably by DPRK’s FAMOUS CHOLLIMA, which used AI to infiltrate over 320 companies under false employment. Threat actors are also increasingly using agentic AI to exploit vulnerabilities in the tools used to build AI agents. These attacks reshape the enterprise attack surface by exploiting autonomous workflows that require minimal human interaction.
Cloud threats and attacks surge - Cloud intrusions rose 136% in early 2025 compared to all of 2024. China-nexus actors like GENESIS PANDA and MURKY PANDA are rapidly maturing in cloud exploitation, targeting sensitive sectors like telecommunications and government.
Identity as the new frontier - Vishing attacks are skyrocketing, with a 442% increase from the first to the second half of 2024 (in 2025, vishing attacks have already surpassed the 2024 total), led by SCATTERED SPIDER, which uses compromised credentials and help desk social engineering to gain privileged access.
Traditional endpoint monitoring is no longer enough. This report reinforces the need for cross-domain threat hunting, AI-driven detection, identity protection, and next-gen SIEM integration. When adversaries pivot faster, defenders must move smarter.
We look forward to your attendance!