More than half of all state-sponsored cyberattacks aimed at the US technology sector are coming from one place. And they’re after one thing.

CrowdStrike’s 2026 Technology Threat Landscape Report found that China-linked adversaries were responsible for 58% of state-sponsored cyber intrusions targeting US tech companies, with artificial intelligence assets and intellectual property sitting squarely in the crosshairs. The report covers activity from April 1, 2025, through March 31, 2026.

Five panda-named groups are doing the heavy lifting

CrowdStrike identified five distinct China-nexus threat groups driving the campaign: MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA, and WARP PANDA. Each group targeted the technology sector more aggressively than any other industry, reflecting Beijing’s broader strategic push toward technological self-sufficiency.

MURKY PANDA stood out as particularly prolific. Its password-spraying operations alone compromised more than 340 US-based entities.

The naming convention here, all those “PANDAs,” is CrowdStrike’s designation system for China-linked adversaries. Russia-linked groups get “BEAR” names, Iran gets “KITTEN,” and so on.

CrowdStrike’s report attributes the surge directly to Beijing’s objective of acquiring AI capabilities and intellectual property that its domestic ecosystem hasn’t been able to develop at the same pace.

AI is both weapon and target

CrowdStrike documented an 89% increase in attacks conducted by AI-enabled adversaries over the reporting period.

The technology sector has now become the most targeted industry worldwide, according to CrowdStrike’s data. That distinction holds true for both state-sponsored actors and criminal enterprises.