CROWDSTRIKE 2025 THREAT HUNTING REPORT

Read the 2025 report and discover key trends and shifts observed by the CrowdStrike OverWatch team, and the actions organizations must take to defend themselves.

 

The CrowdStrike 2025 Threat Hunting Report explores the evolving landscape of cyber threats and adversary behavior from July 2024 to June 2025. It emphasizes how sophisticated adversaries are using cross-domain tactics and generative AI (GenAI) to increase attack speed, stealth, and success.

With a sharp increase in cloud-based attacks and identity-driven intrusions, CrowdStrike’s Counter Adversary Operations team works vigilantly to protect thousands of customers, and they outline the tactics, techniques, and technologies required to proactively detect, disrupt, and defend against these threats. Highlighted in the report are the following insights: 

  • Rise of AI-powered attacks - A new wave of adversaries is increasingly operating across cloud, identity, and endpoint environments to evade detection. GenAI is being weaponized for phishing, deepfakes, and malware development, notably by DPRK’s FAMOUS CHOLLIMA using AI to infiltrate over 320 companies under false employment. Threat actors are also increasingly using agentic AI to exploit vulnerabilities in tools used to build AI agents. These attacks thereby reshape the enterprise attack surface by exploiting autonomous workflows that involve minimal human interaction.

  • Cloud threats and attacks surge - Cloud intrusions rose 136% in early 2025 compared to all of 2024. China-nexus actors like GENESIS PANDA and MURKY PANDA are rapidly maturing in cloud exploitation, targeting sensitive sectors like telecommunications and government.

  • Identity as the new frontier - Vishing attacks are skyrocketing, with a 442% increase from the first to the second half of 2024 (in 2025, vishing attacks have already surpassed the total number from 2024), led by SCATTERED SPIDER using compromised credentials and help desk social engineering to gain privileged access.

 

Traditional endpoint monitoring is no longer enough. This report reinforces the need for cross-domain threat hunting, AI-driven detection, identity protection, and next-gen SIEM integration. When adversaries pivot faster, defenders must move smarter. 
