China Escalates AI Espionage, Tech Sector Under Intense Attack

According to the latest 2026 Technology Threat Landscape Report released by cybersecurity giant CrowdStrike, China-linked actors are significantly escalating their espionage activities against technology organizations to steal artificial intelligence (AI) capabilities and intellectual property. The report reveals that the technology sector is now the most targeted industry globally, primarily because the world's most valuable AI assets are concentrated within technology firms. More than 58% of state-sponsored targeted intrusions against this sector were attributed to China-nexus adversaries.

CrowdStrike's report, covering activities from April 1, 2025, to March 31, 2026, emphasizes that China-linked cyber actors are intensifying espionage against technology organizations to acquire AI capabilities and intellectual property they cannot develop fast enough on their own. Chinese-linked groups such as MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA, and WARP PANDA have targeted the technology sector more than any other industry. Notably, MURKY PANDA's password-spraying campaign alone affected over 340 U.S.-based entities. The primary objective of these attacks is to obtain AI research, data, software development environments, and intellectual property.

The report suggests that U.S. restrictions on China's access to AI training chips have impeded Beijing's technological advancement, likely fueling these espionage efforts. Beyond China-linked actors, North Korea-linked groups like FAMOUS CHOLLIMA are also accelerating fraudulent IT worker schemes to funnel revenue to their regime and gain access to tech firms, accounting for 47% of state-sponsored interactive intrusions in the sector. Furthermore, financially motivated cyberattacks constituted 65% of all interactive operations against the technology sector. Initial access brokers advertised access to 277 technology organizations, indicating a nearly 30% increase in demand compared to the previous year.

The technology sector remains the most targeted industry by both foreign governments and cybercriminals due to the concentration of valuable AI assets. These attacks pose a significant threat to companies developing frontier AI models and smaller, domain-specific model developers. The theft of intellectual property undermines the competitive advantage of targeted companies and nations, aligning with the Chinese government's strategic priorities for technology development, intellectual property, and information of strategic and economic value. The White House Office of Science and Technology Policy has accused China-based entities of conducting “deliberate, industrial-scale campaigns” to surreptitiously distill U.S.-developed AI models for their own purposes.

These cyber espionage activities are viewed as part of an ongoing “AI arms race” between the U.S. and China for global AI dominance, with China aiming to achieve global leadership by 2030. U.S. restrictions on AI chip access are cited as a key factor driving China's motivation for espionage, as it impacts their pace of developing indigenous AI capabilities. The Chinese Embassy in Washington, however, has dismissed the report's findings, stating that China opposes hacking activities and rejects “vilification and smears under the pretext of cybersecurity”. This situation highlights broader geopolitical and economic contexts, including national security, economic competition, and the protection of intellectual property.

Cybersecurity experts underscore the critical need for robust defense mechanisms as adversaries accelerate and evolve their tactics using AI. The shift towards malware-free intrusions and rapid “breakout times” (the average eCrime breakout time dropped to 29 minutes in 2025) leaves defenders with little room for error. The CrowdStrike report clearly demonstrates how AI is scaling attacks and lowering the barriers to entry for threat actors. This threat is not limited to state-sponsored groups but also encompasses financially motivated cybercriminals who are leveraging AI, indicating a further increase in cybersecurity risks in the foreseeable future.