AI Escalates Telco Cyber Threats, Warns CrowdStrike Report

As AI continues to reshape digital environments, its role in cybersecurity is becoming increasingly complex. While AI holds enormous potential to strengthen defences, malicious actors are exploiting it at scale, transforming a once-promising tool into a significant liability.
CrowdStrike’s 2025 Threat Hunting Report delivers a stark assessment of the evolving threat landscape, highlighting how cybercriminals and nation-state actors are leveraging generative AI (Gen AI) to enhance the speed, sophistication and stealth of their operations.
For telcos – already high-value targets – the findings signal a pressing need to rethink conventional cybersecurity strategies.
Cyber threats go interactive – and AI-powered
CrowdStrike’s report reveals a 27% increase in interactive intrusions over the past year. These are no longer static, pre-planned attacks. Instead, they are dynamic, real-time breaches where adversaries continually adjust their tactics to bypass legacy security systems.
“Adversaries are innovating their operations to bypass legacy detection methods,” CrowdStrike states, highlighting how traditional perimeter-based defences are losing relevance. Alarmingly, 81% of observed attacks did not involve malware, with threat actors gaining access by impersonating legitimate users inside networks.
Financially motivated eCrime remains dominant, accounting for nearly 75% of these intrusions. The motivations are clear: data is lucrative and the barriers to entry for cybercriminals are rapidly falling due to Gen AI’s accessibility.
Gen AI: From threat detection to threat creation
Perhaps the most disturbing revelation is the scale at which Gen AI is now weaponised. CrowdStrike identifies North Korean group FAMOUS CHOLLIMA as a prominent example, using AI to craft deepfake videos and generate convincing CVs to gain employment within target companies.
The group has compromised more than 320 organisations in the past year, a staggering 220% increase.
AI’s capabilities enable operatives to mask language differences, perform highly technical tasks and maintain multiple job roles without detection. Its use goes far beyond social engineering.
Russian and Iranian actors now employ Gen AI-driven language models to power phishing and disinformation campaigns.
CrowdStrike links Russian EMBER BEAR to wide-scale propaganda dissemination, while Iran-backed CHARMING KITTEN launches multilingual phishing attacks against Western enterprises. These tactics further erode trust and make detection increasingly difficult for under-resourced security teams.
Cloud and SaaS platforms in the crosshairs
Traditional cyber defences are crumbling in the face of more fluid, boundaryless environments. The report highlights how threat groups such as SCATTERED SPIDER bypass endpoint security entirely, focusing instead on cloud and SaaS platforms to carry out vishing attacks.
These often involve impersonating employees to reset passwords and circumvent multi-factor authentication.
Such tactics are highly effective. Cloud-based intrusions rose by 136% in 2025, led by actors like GENESIS PANDA and MURKY PANDA. Telcos, in particular, have seen a 130% increase in nation-state-backed intrusions, largely the result of long-term intelligence-gathering campaigns.
Recalibrating cybersecurity for the AI era
For telcos operating in a climate of escalating threats, the report reinforces the urgency to rethink cybersecurity posture. CrowdStrike stresses the need to “leverage AI not only for detection but to build autonomous defence mechanisms capable of managing threats at speed and scale.”
This includes embedding AI at the core of cyber operations, enabling real-time response and predictive analytics to stay ahead of evolving adversaries.
Strategic implications for telcos
Telcos occupy a unique position in global infrastructure. Their networks are integral not only to public services but to enterprise connectivity and government operations. That makes them particularly attractive to nation-state and eCrime actors alike.
To counter these threats, security leaders must invest in AI-enhanced threat detection, endpoint visibility across cloud and hybrid environments, and employee awareness training that reflects the sophistication of modern social engineering attacks.
CrowdStrike’s report is not merely a warning; it is a call to action. In an era where Gen AI accelerates cybercrime, resilience depends not on building taller walls, but on smarter, more adaptive defences.


