Last year, 81% of interactive intrusions happened without a single piece of malware. While your legacy security tools scanned for known threats, adversaries walked through the front door using legitimate credentials and living-off-the-land techniques. The question isn’t whether you’ll be targeted—it’s whether you’ll detect them in time.
The CrowdStrike 2025 Threat Hunting Report reveals what happens when threat intelligence meets continuous hunting across thousands of customer environments. From July 2024 to June 2025, CrowdStrike OverWatch tracked a 27% year-over-year increase in interactive intrusions, with 73% attributed to eCrime operations. These aren’t automated attacks. These are hands-on-keyboard adversaries who understand your environment better than you might expect.
The Threat Landscape Just Shifted
Cloud environments saw a staggering 136% increase in intrusions during the first half of 2025 compared to all of 2024. China-nexus adversaries demonstrated a 40% year-over-year increase in cloud-conscious operations, specifically targeting telecommunications providers with surgical precision. Meanwhile, vishing attacks already exceeded 2024’s total volume—and we’re only halfway through the year.
Consider this: the government sector experienced a 71% year-over-year increase in overall interactive intrusions and a 185% spike in targeted intrusion activity. Technology remains the most frequently targeted industry for the eighth consecutive year, but telecommunications saw a 130% increase in nation-state activity. The adversaries aren’t rotating targets—they’re expanding operations.
GenAI Changes Everything
Nation-state adversaries and eCrime operators alike are weaponizing generative AI across three primary vectors: social engineering, technical operations, and information campaigns. Iran’s CHARMING KITTEN likely adopted AI for phishing content generation. Russia’s EMBER BEAR financed AI infrastructure for pro-Russia propaganda. The DPRK’s FAMOUS CHOLLIMA conducted over 320 fraudulent employment schemes as remote software developers, leveraging GenAI tools throughout the entire hiring and employment process.
This isn’t theoretical. These adversaries are already inside networks, using AI to draft convincing emails, generate synthetic identities, optimize social engineering campaigns, accelerate vulnerability research, and enhance malware capabilities. They’re operating faster, staying hidden longer, and adapting in real-time.
What Defenders Need Now
This report delivers actionable intelligence from CrowdStrike’s Counter Adversary Operations team—the integrated force combining CrowdStrike Intelligence analysts with CrowdStrike OverWatch threat hunters. You’ll discover:
- How cross-domain threat hunting detects adversaries operating across identity, endpoint, and cloud environments simultaneously
- Why traditional security tools miss 81% of modern intrusions
- Specific tactics, techniques, and procedures (TTPs) used by the most intrusive adversaries, including GLACIAL PANDA, GENESIS PANDA, and MURKY PANDA
- Six critical recommendations for defending against AI-augmented attacks
- Real-world case studies showing how threat hunters identify adversaries living off the land
The telecommunications sector provides a compelling example. CrowdStrike OverWatch routinely identifies multiple threat actors conducting concurrent operations on the same target network. Deep knowledge of adversaries’ characteristic behaviors enables threat hunters to separate and track these activities—leading to the discovery of GLACIAL PANDA, the latest China-nexus adversary specializing in long-game intelligence collection.
Your Next Move
The adversaries already adapted. They’re faster, stealthier, and more sophisticated than ever. The CrowdStrike 2025 Threat Hunting Report provides the intelligence-driven insights your security team needs to detect, disrupt, and stop today’s enterprising adversaries.
Download your complimentary copy now and discover why proactive, intelligence-informed threat hunting is no longer optional—it’s essential.
