Foreword

Don’t Underestimate Today’s Enterprising Adversaries

Watch any nature program, and you’ll quickly discover what happens to animals that underestimate their adversaries. They become prey. The same principle

Our latest research demonstrates that adversaries are becoming more efficient, focused, and business-like in their approach — in many ways, more like the enterprise organizations they prey upon. That’s why our team of security analysts,

Take generative artificial intelligence (genAI), for instance. Highly effective adversaries across all major categories — nation-state, eCrime, and hacktivist — have become early and avid adopters. The “force multiplier” impact of

Along with legitimate organizations, easy access to commercial large language models (LLMs) is making adversaries more productive, too. It’s shortening their learning curve and development cycles, and it’s allowing them to increase the

At CrowdStrike, we aren’t waiting for threat actors to experience their next “aha” moment. We are accelerating our own use of AI techniques — from our foundational machine learning capabilities to our leading-edge generative and agentic AI models — to help our customers anticipate the next zero-day attacks in

Adversarial Enterprise Takes Its Toll

The job of protecting your organizations continues to get harder by the day. You’ll find ample evidence of this fact in the data that follows.
The number of new “named adversaries” tracked by the elite CrowdStrike Counter Adversary

The purpose of this report is to arm you, the world’s security professionals and dedicated cyber defenders, with the knowledge you need to keep a step ahead

Here are a few key facts you should know about the shifting

Breakout time — how long it takes for an adversary to start moving laterally across your network — reached an all-time low in the past year: The average

Voice phishing (vishing) attacks, where adversaries call victims to amplify their activities with persuasive social engineering techniques, saw explosive

Attacks related to initial access boomed, accounting for 52% of vulnerabilities observed by CrowdStrike in 2024. Providing access as a

Among nation-states, China-nexus activity surged 150% overall, with some targeted industries suffering 200% to 300% more attacks than

GenAI played a pivotal role in sophisticated cyberattack campaigns in 2024. It enabled FAMOUS CHOLLIMA to create highly convincing fake IT job candidates that infiltrated victim organizations, and it helped China-,

As with every product and service we provide, we hope this year’s Global Threat Report makes you more aware, more attuned to the threats you may be facing now or in the near future, and better equipped overall

» THE ADVERSARIES MENTIONED IN THIS REPORT AND THOSE TARGETING YOUR INDUSTRY OR REGION, CHECK OUT THE

CrowdStrike remains at your service and wholly dedicated to the single-minded vision and mission on which the company was founded more than a decade ago. Our company, our platform, and our people are

CrowdStrike CEO and Founder

Table of
Introduction
Naming Conventions
Threat Landscape Overview
Conclusion

Introduction

The CrowdStrike 2025 Global Threat Report is the industry’s preeminent source on adversary intelligence, examining the emerging adversary trends of the past year.
During 2024, adversaries matured faster than ever, innovating techniques and tools as well as finding creative solutions to circumvent modern

eCrime adversaries exemplified such enterprising cyberattacks, constantly adapting to shifting environments and quickly scaling effective operations. Throughout 2024, initial access techniques began to shift — eCrime adversaries began moving away from phishing to alternative access methods. This shift

These shifting initial access methods are consistent with a larger trend identified in the CrowdStrike 2024 Threat Hunting Report: Rather than delivering malware, eCrime adversaries are increasingly leveraging legitimate remote monitoring and

In 2024, China’s cyber espionage operations reached new levels of maturity, with adversaries maintaining a higher operational tempo than observed in 2023 and engaging in prolific targeting. Decades of government investment into China’s cyber workforce and programs have yielded matured capabilities and efficiencies as well as an increasing number of new, specialized China-nexus adversaries. In 2024, CrowdStrike graduated seven new China-nexus adversaries and observed a 150% increase in China-nexus activity across all sectors on average compared

Democratic People's Republic of Korea (DPRK)-nexus adversaries LABYRINTH CHOLLIMA, VELVET CHOLLIMA, and SILENT CHOLLIMA consistently targeted defense and aerospace entities in various countries. However, similar to previous years, most of these adversaries’ cyber operations focused on generating currency, which has become a lifeline for the regime. While DPRK adversaries have skillfully shifted their operations to support large-scale currency generation over the