Combating Cyber-Espionage Requires Enterprises to Keep Their Eyes on the Endgame
Going after corporate and IP data, nation-state hackers are targeting American private companies.

The tectonic plates of the nation-state threat landscape have shifted significantly in 2025.
Cyberattacks from foreign adversaries have evolved and are now impacting enterprises in new ways. CrowdStrike’s 2025 Threat Report found that Chinese cyber-espionage — what the Department of State has called the Chinese Communist Party’s Military-Civil Fusion Policy — surged by 150% from the previous year. Sectors like finance, media, and manufacturing have seen security incidents spike as much as 300%, according to the report.
“In 2025, China has emerged as the most active nation-state cyber actor targeting American and European companies,” Martin Vigo, lead security researcher at AppOmni, told us.
While determining a specific percentage is difficult, cyber-espionage constitutes a significant portion of the cyber-threat activity targeting the US private sector, said Michael J. Driscoll, senior managing director at FTI Consulting:
- Sectors that are likely to be impacted include energy, technology, aerospace, biotechnology, robotics, EV and automotive, and advanced manufacturing.
- In 2019, the government calculated that US companies were losing up to $600 billion to Chinese IP theft. Today, that number is expected to be much higher, but hard to estimate because such attacks often go undetected and are not reported, experts said.
- CISOs should be on the lookout for highly tailored spear-phishing emails aimed at executives and engineers, exploitation of zero-day or unpatched vulnerabilities, dark web leaks, infostealer malware, and living-off-the-land techniques.
Today, a ransomware attack may be used as a smokescreen to distract security teams while threat actors silently exfiltrate sensitive corporate data, says Mike Logan, CEO of C2 Data Technology. “China’s state-sponsored hackers have dramatically scaled their operations, focusing on both economic espionage and strategic intelligence collection,” Logan added.
Other novel techniques in use this year include breaching supply chain partners, SaaS and third-party service providers, and using stolen credentials for malware-free exploitation, said Nic Adams, founder and CEO at Orcus. Attackers are also increasingly using AI to compromise business emails and mobile devices, said Driscoll.
While China and the US have struck a 90-day tariff war truce, uncertainty remains. Future cyberattacks in retaliation for tariffs are a “highly real” danger moving forward, said Adams.
Given the unpredictable nature of global politics, US enterprises must take proactive steps to harden and strengthen their defenses, improve threat detection, and ensure rapid-response capabilities.
“Executives must recognize how the endgame equates to competitive displacement,” Adams said. “Always assume your blueprints are being harvested or monitored in real-time, because somewhere in the world, they most likely already are.”