Cyberattackers demonstrated unprecedented speed and diversity of tactics last year, according to CrowdStrike’s latest global threat report. The cybersecurity firm found that threat groups are increasingly relying on exploiting trusted systems and predictable methodologies to achieve rapid network access and evade detection. This acceleration means organizations must adapt to faster-moving adversaries.
The average time it took financially motivated attackers to move from initial intrusion to other network systems, known as breakout time, decreased to just 29 minutes in 2025. This represents a significant 65% increase in speed compared to the previous year. Reports from CrowdStrike indicate some exceptionally fast attacks achieved network penetration in as little as 27 seconds.
CrowdStrike Reports Accelerated Cyberattack Pace
This alarming trend suggests defenders are struggling to keep pace with evolving attacker techniques. Threat actors are becoming more adept at using social engineering to quickly gain access to high-privilege systems and navigate victim networks, including cloud infrastructure, undetected.
Exploiting Cross-Domain Gaps
According to Adam Meyers, head of counter adversary operations at CrowdStrike, attackers are effectively exploiting vulnerabilities where different IT domains intersect. “Threat actors are exploiting those cross-domain gaps to gain access to environments, so they’re wriggling in between the seams in cloud, identity, enterprise and unmanaged network devices,” Meyers stated.
The challenges for defenders are compounded by a growing number of threat actors and the extensive use of “living-off-the-land” techniques, which involve using legitimate system tools to carry out malicious activities. This environment can contribute to defender burnout, leading to potential errors.
CrowdStrike identified 281 distinct threat groups by the end of 2025, including 24 new groups named during the year. The firm is also monitoring 150 active malicious activity clusters and emerging threat groups, underscoring the expanding threat landscape.
Cloud Environments as Prime Targets
Both cybercriminals seeking financial gain and nation-states conducting espionage or establishing long-term footholds in critical infrastructure are increasingly targeting security weaknesses in cloud-based environments. These attacks have seen a substantial 37% year-over-year increase. Nation-state threat groups specifically demonstrated a 266% surge in cloud-focused malicious activity.
Crucially, the report highlights a significant shift away from traditional malware. A substantial 82% of attacks detected in 2025 were malware-free, indicating a growing reliance on hands-on-keyboard operations and the abuse of legitimate credentials. CrowdStrike reported that over one-third of incident response cases involving cloud intrusions last year were linked to compromised or misused credentials.
Nation-State Activity on the Rise
Attacks originating from or sponsored by North Korea saw a notable increase of 130% last year, while incidents linked to China rose by 38%. Chinese threat groups often achieved immediate system access, exploiting vulnerabilities in two-thirds of their targets. Approximately 40% of these exploits targeted edge devices, such as firewalls and routers.
Zero-day vulnerabilities, particularly those found in edge devices, played a significant role in allowing nation-state and cybercrime groups to infiltrate systems and execute code with minimal detection. CrowdStrike observed a 42% year-over-year increase in the exploitation of zero-day vulnerabilities before their public disclosure.
Meyers predicts a further increase in zero-day exploits, potentially driven by artificial intelligence tools used by attackers to discover and exploit vulnerabilities in various software products within the next three to nine months.
Implications and Future Outlook
The acceleration of attacker speed is flagged as the most concerning trend in CrowdStrike’s report. The narrowing breakout times suggest a critical need for organizations to enhance their detection and response capabilities. The prospect of attacks occurring in seconds, or even milliseconds, poses a significant challenge to traditional security measures.
Looking ahead, the cybersecurity community will be closely watching the extent to which artificial intelligence accelerates the discovery and exploitation of zero-day vulnerabilities. Organizations can expect continued evolution in attacker tactics, emphasizing the ongoing need for robust, adaptive security strategies and swift incident response.

