Tech

CrowdStrike: China-Linked Cyberattacks Surge on AI Targets

CrowdStrike warned that China-nexus adversaries accounted for more than 58% of state-sponsored cyberattacks targeting technology companies over the 12 months ending March 31, and that many of those intrusions focused on stealing AI capabilities and intellectual property. The trend raises theft, supply-chain and competitive risks for U.S. AI developers and could accelerate spending on cybersecurity and secure compute.

CrowdStrike: China-Linked Cyberattacks Surge on AI Targets

Key Takeaways

  • China-linked actors carried over 58% of state-sponsored targeted cyberattacks on technology firms in the 12 months through March 31.
  • CrowdStrike's analysis says many attacks specifically targeted AI assets and maintained persistent access by exploiting vulnerabilities.
  • U.S. restrictions on AI training chips have constrained Beijing's sourcing, pushing China toward homegrown models and increasing incentives for theft.
  • Attacks had global reach, hitting targets across North America, Europe and Asia and including government communications in Southeast Asia.

People Involved

  • No specific individuals mentioned

Entities Involved

  • CrowdStrike (CRWD)Cybersecurity firm; author of the analysis attributing increased China-linked attacks
  • U.S. technology companiesPrimary targets of state-sponsored intrusions aimed at AI capabilities and IP
  • Chinese state-linked cyber actorsAttributed adversaries conducting operations to acquire AI-related tech and data
  • AnthropicAI company that has previously alleged extraction of competitive intelligence (reported)
  • OpenAIAI company that has previously alleged extraction of competitive intelligence (reported)
  • China's Cyberspace AdministrationChinese regulator (CNBC reported it did not respond to a request for comment; unverified)
  • North Korea-affiliated groupsReportedly attempted infiltrations of IT workforces to generate revenue for the regime (low confidence)

MarketMoodz Analysis

For investors this escalation matters because it changes the risk calculus across several sectors. Cybersecurity vendors, cloud providers and managed security service firms should see stronger demand as companies harden AI pipelines, secure training data and lock down model weights; expect higher enterprise security budgets and faster adoption of endpoint detection and response, identity and access management, and secure enclaves. Chipmakers and cloud infrastructure providers could face bifurcated demand: continued spending to support secure, high-performance AI workloads versus potential export-control-driven shifts in supply chains that raise costs and project timelines.

The >58% figure over the 12 months through March 31 marks a notable intensification in attribution toward China-linked actors compared with prior years, tying together three trends: U.S. export restrictions on advanced training chips, China's push for domestic AI models, and persistent state-backed cyber espionage. Vendor attribution has limits — CrowdStrike itself noted the boundaries of illicit behavior can be blurry — so investors should weigh the analysis alongside independent disclosures (for example, allegations from Anthropic and OpenAI) and regulatory developments that could alter incentives or trigger sanctions.

Watch the next few quarters for tangible signs: increased procurement and revenue guidance from security vendors, higher capital expenditure from cloud providers to offer hardened AI environments, and any shifts in U.S. export policy or sanctions that affect chip supply. Also monitor disclosures from major AI firms about incidents, CrowdStrike's follow-up reporting, and any public investigations that either corroborate or challenge the vendor's attribution; those outcomes will determine whether this is a structural shift in the AI security landscape or a spike that policies and corporate defenses can blunt.

See the mood, every market morning

Get the Dip Buyer's Checklist — the 10 checks before you buy any dip — plus the free Morning Mood email: the market's fear/greed gauge and one name off the Oversold Board, before the open.

Get the free checklist + daily email

Want the whole Board? See the Dip Buyer's Edge →

This article is for informational purposes only and is not investment, financial, tax, or legal advice. Ratings and research outputs can be wrong, incomplete, or stale. Past performance does not guarantee future results. Always do your own research and consider consulting a qualified professional.