The most active criminal group attacking technology companies grew its intrusions by more than 120% in a year, with AI-generated scripts in its toolkit.
Key Takeaways
- PUNK SPIDER, the criminal group with the most break-ins at technology companies, uses AI-generated scripts to steal passwords and likely DeepSeek-built scripts to destroy forensic evidence. Its activity rose more than 120% in a year.
- FAMOUS CHOLLIMA, a North Korean state group, used AI to help fake IT workers get hired at tech companies and send their salaries home to the regime. It accounted for 47% of all state-backed break-ins against the sector.
- Criminals spread a new Mac password stealer in early 2026 through fake add-ons for OpenClaw and fake download sites for legitimate AI tools.
- Chinese state hackers hit tech more than any other sector. CrowdStrike assesses AI is a top theft target for Beijing, which has stated it intends to lead the world in AI by 2030.
- Iran’s Revolutionary Guard threatened the Middle East locations of 18 US technology and AI companies on March 31.
CrowdStrike published its 2026 Technology Threat Landscape Report in early June, covering the 12 months ending March 31, 2026. The report tracks break-ins at technology companies worldwide, the most attacked industry for several years running. A pattern runs through it: hackers use AI at almost every stage of their attacks.
AI as a break-in tool
PUNK SPIDER, the criminal group that broke into more technology companies than any other during the period, uses AI-generated scripts to harvest passwords from compromised systems. CrowdStrike says the group likely also uses scripts built with DeepSeek, the Chinese AI model, to shut down a victim’s databases and destroy the evidence investigators would need afterward. The group’s attack volume grew by more than 120% in a year.
North Korea’s FAMOUS CHOLLIMA uses AI to get its programmers hired into remote jobs at technology companies, many of them in the US. The aim is profit, not espionage. The workers, stationed abroad, apply using stolen or invented American identities, and AI helps them pass screening and interviews. Once a worker is hired, the company ships a laptop to a paid accomplice in the US, who keeps the machine online so the worker can operate it remotely and appear to be in the US. The salaries go to the North Korean government. The group accounted for 47% of all state-backed break-ins at tech companies, and some of its workers have also stolen data from employers.
In June 2025, the Justice Department searched 29 homes and offices across 16 states where these laptops were located. Prosecutors said the scheme reached more than 100 US companies. The Department of the Treasury has sanctioned middlemen who converted the wages, including more than $600,000 in cryptocurrency, for a North Korean IT firm tied to the country’s defense ministry. The department says the money supports North Korea’s weapons programs.
AI as bait
Criminals also used the AI boom itself as a lure. In February 2026, criminals built fake add-ons for the AI tool OpenClaw. Victims who ran the one-line installation command got Skrawl, a new password stealer for Mac computers, instead of the add-on. In March, criminals delivered the same program through fake download sites for legitimate AI tools.
AI as the prize
For state-backed hackers, AI is also something to steal. Chinese state hackers targeted technology companies more frequently than any other sector, and CrowdStrike assesses that AI is a particularly high-value theft target for Beijing, which has stated it intends to lead the world in AI by 2030.
Beijing’s pursuit of US AI extends beyond hacking. In April, the State Department warned allied governments that Chinese AI firms were replicating leading US models through distillation, in which one AI system learns by analyzing another’s outputs. A White House memo called the efforts “industrial-scale.”
Iran has threatened AI companies directly. On March 31, its Revolutionary Guard threatened retaliation against the Middle East locations of 18 US technology and AI companies if targeted killings of its leadership continued.
Trend line
The most targeted industry is technology, accounting for 20% of all break-ins in Q1 2026. That is 26% higher than the second-most-targeted sector, consulting and professional services. CrowdStrike expects AI to accelerate the problem as attackers improve the sophistication, scale, and speed of their attacks, shrinking the time defenders have to identify and stop them.

