CrowdStrike's latest report provides a vivid overview of emerging cyber threats as adversaries exploit the power of Gen AI to scale attacks. The focus has shifted towards sophisticated strategies targeting autonomous AI agents reshaping enterprises.
The report notes that adversaries have begun operationally leveraging GenAI for diverse malpractices: from creating forged documents to deepfake-engaged interviews. This technological leverage transforms traditional threats into highly scalable operations.
- FAMOUS CHOLLIMA: This North Korean adversary automates insider attack programs using GenAI for tasks ranging from creating fake resumes to performing technical tasks under false identities.
- EMBER BEAR: Utilising Gen AI to bolster pro-Russian narratives.
- CHARMING KITTEN: Iranian adversary engaging in LLM-crafted phishing attacks aimed at U.S. and European targets.
Our reliance on agentic AI exposes vulnerabilities as threat actors exploit tools cultivating AI agents. They leverage vulnerabilities to gain unauthorised access, harvest sensitive credentials, and deploy malware.
Increasingly, eCrime syndicates capitalise on Gen AI to develop sophisticated scripts and malware which previously would have required advanced expertise. Groups like Funklocker and SparkCat exemplify this burgeoning trend of Gen AI-engineered cyber threats.
SCATTERED SPIDER has re-emerged with refocused initiatives, employing visual deception tactics and rapidly executing breaches across cloud infrastructures. Notably, a reported incident witnessed full ransomware deployment in less than a day from initial access.
With a significant surge in cloud-based intrusions — a rise of 136% — China-linked adversaries such as GENESIS PANDA and MURKY PANDA have notably influenced this increase through misconfigurations and trusted accesses.
“The AI era has redefined how businesses operate, and how adversaries attack. We’re seeing threat actors use GenAI to scale social engineering, accelerate operations, and lower the barrier to entry for hands-on-keyboard intrusions,” said Adam Meyers, head of counter adversary operations at CrowdStrike. “At the same time, adversaries are targeting the very AI systems organisations are deploying. Every AI agent is a superhuman identity: autonomous, fast, and deeply integrated, making them high-value targets. Adversaries are treating these agents like infrastructure, attacking them the same way they target SaaS platforms, cloud consoles, and privileged accounts. Securing the AI that powers business is where the cyber battleground is evolving.”
