Issue 140

CrowdStrike: 2026 Global Threat Report – Year of the Evasive Adversary

By Dr. Larissa Beavers 2026: CrowdStrike released the 2026 Global Threat Report , which claims that China-linked cyber adversaries’ growing focus on exploiting network perimeter and edge devices—such as VPNs, firewalls, and gateways—poses a significant risk to organizations in the space domain. Many space systems rely…

By Dr. Larissa Beavers

2026: CrowdStrike released the 2026 Global Threat Report, which claims that China-linked cyber adversaries’ growing focus on exploiting network perimeter and edge devices—such as VPNs, firewalls, and gateways—poses a significant risk to organizations in the space domain. Many space systems rely on interconnected ground infrastructure and internet-facing network equipment, making these edge devices attractive entry points for attackers seeking persistent access. By rapidly exploiting newly disclosed vulnerabilities, these actors can establish long-term footholds in ground networks that support satellite operations, mission control, and data processing. Such access could enable intelligence collection, disruption of mission-critical services, or lateral movement into more sensitive operational systems. As this tradecraft is expected to continue into 2026, space sector organizations may face increasing pressure to secure edge infrastructure that underpins satellite and ground segment networks.

Summary of CrowdStrikes Analysis on China Nexus Threat Actors (From 2026 Global Threat Report:

  • In 2025, China-linked actors operationalized public exploits within days of disclosure.
  • This speed reflects significant state-sponsored resources for rapid vulnerability research and exploit development.
  • OPERATOR PANDA exploited CVE-2025-25257 six days after a public POC release.
  • PHANTOM PANDA exploited CVE-2025-31324 three days after the vendor disclosed it.
  • China-linked cyber actors weaponized newly disclosed vulnerabilities within days, quickly targeting space ground systems, satellite control networks, or mission infrastructure.
  • Custom malware and global C2 infrastructure enable adversaries to maintain long-term network access, posing risks to satellite operations, ground stations, and mission data.
  • China-linked cyber actors are expected to continue exploiting vulnerabilities in internet-facing systems (e.g., routers, firewalls, remote access devices) to expose space mission networks, satellite control systems, and ground infrastructure.
  • Adversaries can exploit newly disclosed vulnerabilities and maintain undetected access for extended periods, enabling collection against sectors supporting space operations.


Chinese Cyber Operations in 2025 AI Generated Image