Image Credit: Shutterstock
Key Takeaways
- China-nexus groups were responsible for more than 58% of state-sponsored targeted intrusions against the technology sector in the year to March 2026, according to CrowdStrike.
- Five named groups drove the campaigns, with CrowdStrike characterizing AI capabilities as the highest-value intelligence collection target and linking the activity to Beijing’s 2030 AI leadership goal.
- CrowdStrike expects China-nexus adversaries to continue prioritizing technology sector targets for at least the next 12 months, driven by US-China decoupling, sanctions enforcement, and economic espionage.
China-nexus adversaries attacked the technology sector more than any other industry between April 2025 and March 2026, stealing artificial intelligence capabilities and intellectual property, according to a report from cybersecurity firm CrowdStrike. The firm attributed more than 58% of state-sponsored targeted intrusions against the technology sector to China-nexus groups during the period.
CrowdStrike Links Campaign to Beijing’s 2030 AI Leadership Goal
CrowdStrike connected the intrusion activity to Beijing’s drive for technological self-sufficiency and its stated goal of achieving global AI leadership by 2030. The firm identified five groups driving the campaigns: MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA, and WARP PANDA.
MURKY PANDA’s password-spraying operation alone targeted more than 340 US-based entities during the tracking period. The report described the strategic rationale for targeting technology firms directly. The report stated:
“Technology entities in general serve as a strategic target for China-nexus adversaries because access to such entities provides high-value intelligence collection as well as access to downstream customer environments that can enable potential supply chain compromises.”
AI Capabilities Ranked as Highest-Value Intelligence Collection Target
CrowdStrike said Beijing could apply stolen capabilities to military modernization, economic growth, and intelligence gathering, and characterized AI capabilities as the highest-value intelligence collection target among the campaigns it tracked.
Adam Meyers, who heads counter-adversary operations at CrowdStrike, said the espionage reflects a deliberate industrial policy rather than opportunistic hacking.
“China runs cyberespionage as an industrial policy to try to close the AI innovation gap, demonstrating that AI capabilities are the prize adversaries are after,” Meyers said. “Whether you’re building AI or adopting it, security has to be built in from the start.”
CrowdStrike Expects China to Keep Prioritizing Tech Targets for at Least 12 Months
CrowdStrike said it expects China-nexus adversaries to continue prioritizing technology sector targets for at least the next 12 months, citing US-China decoupling, sanctions enforcement, and economic espionage as the primary drivers of ongoing activity.
Anthropic has separately argued, in its May 14, 2026 policy paper ‘2028: Two Scenarios for Global AI Leadership,’ that Washington could secure a 12 to 24-month advantage over China in AI through measures targeting chip smuggling, offshore data centers, and model distillation.
