Navigating the New Era of Enterprising Adversaries

Futurism Technologies

August 18, 2025

The cybersecurity landscape is defined by a new breed of threat actors: the “enterprising adversary.” These adversaries operate with business-like precision, leveraging sophisticated tactics to maximize impact and achieve their objectives rapidly. Their ability to exploit emerging technologies, bypass traditional defenses, and navigate complex attack surfaces demands a paradigm shift in how organizations approach cybersecurity. This blog explores the rise of enterprising adversaries, their innovative tactics, and strategic recommendations for staying ahead in this evolving threat landscape.

Source: Help Net Security

The Rise of the Enterprising Adversary

Enterprising adversaries distinguish themselves through their calculated efficiency and adaptability. Unlike traditional cybercriminals, these actors combine strategic foresight with advanced tools, such as generative artificial intelligence (Gen AI), to enhance their operations. According to a report, there is a 27% year-over-year increase in interactive intrusions (attacks involving hands-on-keyboard activity), underscoring the growing sophistication of these threats. Notably, eCrime accounts for 73% of these intrusions, with adversaries targeting high-value sectors like technology, government, and telecommunications.

One striking example is Famous Chollima, a DPRK-nexus adversary that has infiltrated over 320 companies in the past 12 months, a 220% increase from the previous year. By leveraging Gen AI, CODED SERPENT creates convincing résumés, employs real-time deepfake technology in video interviews, and uses AI code assistants to perform job duties, blending seamlessly into corporate environments. This level of deception challenges traditional security measures and highlights the need for innovative defenses.

Source: Cyber Magazine

Exploiting New Attack Surfaces

The report reveals that adversaries are increasingly moving beyond traditional endpoints to exploit unmanaged devices and cloud environments. A 136% increase in cloud intrusions in the first half of 2025 compared to all of 2024 underscores the growing focus on cloud exploitation. China-nexus adversaries, such as PRIME LION and MYSTIC BEAR, have become adept at navigating cloud control planes, using misconfigurations and stolen credentials to establish persistence and exfiltrate data.

Similarly, adversaries like Scattered Spider exploit human vulnerabilities through voice phishing (vishing), which surged by 442% in 2024 and continued to rise in 2025. By impersonating legitimate employees and manipulating help desk staff, Scattered Spider compromises accounts within minutes, pivoting to SaaS applications for further access. These cross-domain attacks—spanning identity, endpoint, and cloud—generate fewer detections in any single domain, making them exceptionally difficult to identify without integrated visibility.

The Role of Gen AI in Adversary Operations

Gen AI is a game-changer for both adversaries and defenders. Threat actors use it to enhance phishing campaigns, create synthetic identities, and optimize social engineering. For instance, Famous Chollima’s use of Gen AI to automate insider threat operations demonstrates its potential to scale attacks. Similarly, adversaries leverage Gen AI for multilingual propaganda and infrastructure creation, amplifying their reach.

However, Gen AI’s effectiveness depends on human expertise. As the report notes, sophisticated users maintain an advantage in exploiting Gen AI’s potential, particularly in technical operations like vulnerability exploitation and malware development. This dual-use nature of Gen AI underscores the need for defenders to harness it responsibly to counter threats.

Strategies to Counter Enterprising Adversaries

To combat these evolving threats, organizations must adopt a proactive, intelligence-driven approach. Futurism Security offers several strategic recommendations:

  • Leverage AI-Powered Solutions: Agentic AI systems, capable of reasoning and acting autonomously within defined guardrails, can scale security operations. By triaging alerts and automating investigations, these systems free up analysts for hypothesis-driven threat hunting, enhancing strategic impact.
  • Secure the Identity Ecosystem: With adversaries exploiting credentials and social engineering, organizations should implement phishing-resistant MFA, such as hardware security keys, and enforce just-in-time access. Continuous monitoring for authentication anomalies and unusual network traffic is critical.
  • Eliminate Cross-Domain Visibility Gaps: Next-gen SIEM and extended detection and response (XDR) platforms provide unified visibility across endpoints, cloud, and identity systems. By correlating data, these tools help detect dispersed adversary activities that appear benign in isolation.
  • Defend the Cloud as Core Infrastructure: Cloud-native application protection platforms (CNAPPs) and cloud detection and response (CDR) solutions are essential for identifying misconfigurations and responding to threats. Regular audits and strict access controls limit exposure.
  • Know the Adversary: Intelligence-driven approaches enable organizations to anticipate adversary tactics. Regular tabletop exercises and red/blue teaming help identify gaps and strengthen response capabilities.
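
The correlation idea behind the visibility-gap recommendation, applied to the help-desk-to-SaaS sequence described earlier, as an added example (not code from Futurism Security or any product). The event schema, action names, weights, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events in a hypothetical normalized schema (not a vendor format).
EVENTS = [
    {"ts": "2025-08-01T14:02:10", "domain": "identity", "user": "jdoe", "action": "helpdesk_password_reset"},
    {"ts": "2025-08-01T14:05:41", "domain": "identity", "user": "jdoe", "action": "mfa_device_enrolled"},
    {"ts": "2025-08-01T14:09:03", "domain": "cloud", "user": "jdoe", "action": "saas_login_new_ip"},
    {"ts": "2025-08-01T14:11:30", "domain": "endpoint", "user": "jdoe", "action": "unmanaged_device_access"},
    # Benign: a lone help desk reset with nothing following it.
    {"ts": "2025-08-01T09:00:00", "domain": "identity", "user": "asmith", "action": "helpdesk_password_reset"},
    # Benign: two weak signals, but days apart.
    {"ts": "2025-08-01T08:00:00", "domain": "identity", "user": "bwong", "action": "mfa_device_enrolled"},
    {"ts": "2025-08-03T10:00:00", "domain": "cloud", "user": "bwong", "action": "saas_login_new_ip"},
]

# Assumed weights: each signal is too weak to alert on by itself.
WEIGHTS = {"helpdesk_password_reset": 2, "mfa_device_enrolled": 3,
           "saas_login_new_ip": 2, "unmanaged_device_access": 3}
THRESHOLD = 6
WINDOW = timedelta(minutes=30)

def correlate(events, window=WINDOW, threshold=THRESHOLD):
    """Return {user: (score, domains)} where weak signals from two or more
    domains fall inside one sliding window and their weights reach threshold."""
    by_user = defaultdict(list)
    for e in events:
        if e["action"] in WEIGHTS:
            by_user[e["user"]].append((datetime.fromisoformat(e["ts"]), e))
    alerts = {}
    for user, items in by_user.items():
        items.sort(key=lambda p: p[0])
        start = 0
        for end in range(len(items)):
            # Shrink the window from the left until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            win = [e for _, e in items[start:end + 1]]
            actions = {e["action"] for e in win}   # count repeats once
            domains = {e["domain"] for e in win}
            score = sum(WEIGHTS[a] for a in actions)
            if score >= threshold and len(domains) >= 2:
                if user not in alerts or score > alerts[user][0]:
                    alerts[user] = (score, sorted(domains))
    return alerts

if __name__ == "__main__":
    print(correlate(EVENTS))
```

Only `jdoe` is flagged: the reset, enrollment, new-IP login and unmanaged-device access each score below the threshold, but together they span three domains within minutes.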

The Path Forward

The enterprising adversary thrives on complexity, exploiting trusted relationships and emerging technologies to evade detection. Futurism Security’s team counters this by integrating threat intelligence with proactive hunting, leveraging the AI-powered Futurism Security Platform to track adversaries across domains. By operationalizing these insights, organizations can transform challenges into opportunities, building resilience against the most sophisticated threats.

Going ahead, cybersecurity leaders must prioritize innovation and integration. The future of defense lies in anticipating adversary moves, leveraging AI to scale operations, and fostering a culture of preparedness. Futurism Security remains committed to empowering organizations to stay one step ahead, ensuring that wherever adversaries strike, defenders are already there.

Learn more about how Futurism Security can protect your organization at www.futurismsecurity.com
