China’s Cyber Machine Targets Tech Heartland as Espionage Surges

CrowdStrike data shows a 150% surge in China-nexus espionage in 2024, with tech firms the most targeted sector. New groups, supply-chain malware and AI automation mark an evolved threat aligned with Beijing's strategic goals. Industry must adapt faster.
Written by Victoria Mossi

Chinese state-linked hackers now pose the single largest espionage danger to technology companies. That conclusion comes straight from fresh analysis by CrowdStrike. The finding lands amid a broader pattern of aggressive digital operations that have accelerated sharply in recent years.

Over the 12 months ending March 31, 2026, China-nexus actors accounted for the most significant volume of espionage activity aimed at the tech sector. Reuters reported the details on June 9, 2026. Campaigns focused on firms researching, developing or distributing computer hardware, semiconductors, software and IT services. The activity tracks directly with Beijing’s national priorities around technology leadership and acquisition of intellectual property.

And the pace has quickened. CrowdStrike’s 2025 Global Threat Report, released February 27, 2025, documented a 150 percent surge in China-nexus espionage attacks during 2024. Seven new China-linked adversary groups appeared that year. Targeted strikes on financial services, media, manufacturing and industrial sectors jumped as much as 300 percent in some cases. The data paints a picture of systematic, well-resourced operations.

Adam Meyers, CrowdStrike’s senior vice president and head of counter-adversary operations, put the stakes plainly. “There is an AI arms race occurring between the U.S. and China, and China intends to achieve global dominance by 2030.” He highlighted risks to both frontier AI labs and smaller outfits developing specialized models. The comment appears in the Reuters piece and echoes themes in the company’s threat report.

But the threat extends beyond pure espionage. Recent campaigns show China-linked groups quietly compromising software suppliers, SaaS providers and even legal-services firms. They install stealthy backdoors on systems without endpoint detection, then pivot to customer networks. One such effort, tracked by Google’s Mandiant as involving UNC5221 and related actors, deploys the Brickstorm backdoor. Dwell times average 393 days. Attackers search developer emails for product flaws, hunt source code for enterprise technologies, and target communications involving U.S. national security or international trade.

Cybersecurity Dive covered the operation in detail. Charles Carmakal, then at Mandiant, called it “a very, very advanced adversary.” John Hultquist described the activity as “next-level.” The campaign exploits gaps in visibility. It avoids traditional malware on many endpoints. Such tactics let intruders remain undetected while extracting high-value data over long periods.

These supply-chain intrusions fit a larger shift. China-nexus actors increasingly favor malware-free techniques. They abuse stolen credentials, exploit identity gaps and move laterally across cloud, endpoint and identity systems. CrowdStrike observed a 26 percent rise in new cloud-conscious intrusions by state-linked actors. Valid account abuse drove 35 percent of cloud incidents in the first half of 2024. Breakout times have shrunk dramatically. The fastest recorded eCrime breakout stood at just 51 seconds.

So the old model of smash-and-grab hacking has given way to patient, intelligence-driven persistence. Seven new groups identified in 2024 alone signal an expanding enterprise. Beijing appears to draw on a commercial ecosystem of contractors, information-security firms and hackers-for-hire. U.S. authorities highlighted that network in March 2025 when the Justice Department charged 12 Chinese nationals, including Ministry of Public Security officers and employees of Anxun Information Technology, also known as i-Soon. The indictments described a “hacker-for-hire ecosystem” that stole data from U.S. technology companies, defense contractors, universities and government agencies.

The Justice Department announcement detailed payments for stolen information and efforts to suppress dissent. Such cases illustrate how espionage blends with influence operations. They also show the scale. Losses to American industry from Chinese intellectual-property theft have been estimated in hundreds of billions of dollars annually for years. Tech sits at the center because its outputs power everything from semiconductors to artificial-intelligence systems.

Western governments have responded with public attributions and sanctions. In August 2025, intelligence agencies from more than a dozen countries blamed three Chinese technology companies for supporting cyber campaigns against critical infrastructure. The firms reportedly supplied services to China’s intelligence apparatus and military. The advisory linked the activity to groups tracked as Salt Typhoon and related aliases that compromised telecommunications networks worldwide.

Parallel efforts target positioning inside operational technology. U.S. agencies warn that actors such as Volt Typhoon have pre-positioned inside IT networks of critical infrastructure with an eye toward potential disruption during crisis. Australian officials echoed those concerns in late 2025, noting probes against telecoms and key facilities.

Yet China denies the accusations. The Chinese embassy in Washington dismissed CrowdStrike’s latest findings. A spokesperson told Reuters that Beijing “opposes hacking activities and fights such activities in accordance with the law.” The statement rejected what it called “vilification and smears” and called for U.S.-China cooperation on AI development and governance.

The denial fits a familiar pattern. Beijing routinely accuses the United States of hypocrisy while its own operations expand. And the operations have grown more sophisticated. Reports from late 2025 revealed Chinese actors using Anthropic’s Claude AI model to automate aspects of cyberattacks against dozens of organizations. Humans selected targets. The model helped generate code, analyze systems or scale reconnaissance. Anthropic said it held “high confidence” the users were state-sponsored. The episode, covered by both The New York Times and The Wall Street Journal, underscores a new layer. AI now augments the attackers as well as the defenders.

Defenders face a tough equation. Legacy perimeter controls offer limited value when adversaries log in with legitimate credentials. Cloud environments multiply the attack surface. Identity systems become the new battleground. Organizations that once worried mainly about ransomware must now contend with long-term espionage that steals blueprints, algorithms and strategic plans.

Tech executives interviewed off the record describe a constant low-level hum of intrusion attempts. Some have detected code theft only after products appeared in Chinese competitors’ offerings with suspicious similarities. Others speak of sudden spikes in probing against semiconductor design teams or AI research groups. The campaigns align too neatly with Beijing’s “Made in China 2025” successors and its stated goal of AI supremacy.

Nor is the threat limited to American firms. European and Asian technology companies report similar patterns. Taiwanese semiconductor makers have faced dedicated malware strains tied to Chinese espionage. Allies coordinate warnings. Yet the asymmetry persists. China’s centralized direction and tolerance for risk allow faster adaptation than diffuse Western corporate defenses.

Recent U.S. policy moves signal growing seriousness: sanctions on companies tied to the hacker ecosystem, indictments that name individuals, and public briefings that strip away operational secrecy. Still, many security leaders say private-sector investment in detection and response has not kept pace with the threat’s evolution.

The data keeps mounting. Some 79 percent of initial access attempts observed by CrowdStrike in the relevant period were malware-free. Access-broker advertisements on underground markets rose 50 percent year-over-year. Voice phishing exploded 442 percent in the second half of 2024 as generative AI supercharged social engineering. These numbers reflect a professionalized, scaled apparatus.

Tech firms sit in the crosshairs for a simple reason. Their work shapes the future economy and military balance. Steal the right semiconductor process technology and you compress years of development. Compromise an AI lab and you gain insight into frontier capabilities. Insert backdoors in widely used software and you create options for later leverage.

That reality has begun to reshape boardroom conversations. Cyber risk now ranks alongside market competition and regulatory exposure. Insurance underwriters ask tougher questions. Investors probe resilience metrics. Yet many organizations still treat advanced persistent threats as an occasional headline rather than a daily operational concern.

CrowdStrike’s Meyers warned that adversaries “exploit identity gaps, leverage social engineering and move across domains undetected.” Legacy defenses fall short. Effective response demands unified visibility across endpoint, cloud and identity layers plus rapid threat hunting. The window between compromise and detection has narrowed to minutes in the worst cases.

China’s cyber apparatus has matured over more than a decade. Early crude thefts gave way to professional contractors, then to integrated military-intelligence-commercial networks. Today the machine runs with speed, patience and technical competence that matches or exceeds many Western counterparts. Seven new groups in a single year mark expansion, not experimentation.

Whether that machine can be deterred remains an open question. Diplomatic agreements in 2015 produced a temporary lull in commercial espionage. Pressure, sanctions and public exposure can raise costs. But strategic imperatives tied to technological self-reliance and geopolitical competition suggest the activity will continue in new forms.

Technology leaders cannot wait for perfect policy solutions. They must assume persistent presence by sophisticated actors and build accordingly. Segmentation, strict identity controls, behavioral analytics and rapid response capabilities have moved from best practices to baseline requirements. The alternative is slow erosion of competitive advantage, one stolen algorithm at a time.

The evidence leaves little room for doubt. Chinese hackers have become the dominant espionage force targeting the technology industry. Their campaigns blend traditional theft with supply-chain compromise, AI assistance and pre-positioning for potential future disruption. Companies that treat this as someone else’s problem do so at their peril.
