Singapore – Cybercriminal networks across the Asia Pacific and Japan region are becoming increasingly organised and technology-driven, with AI now accelerating ransomware attacks and underground marketplaces facilitating billions in illicit transactions, according to the latest report by CrowdStrike.
The report highlights the continued growth of online marketplaces operating in Chinese-language and regional networks, which enable the trade of stolen credentials, phishing kits, malware, and money-laundering services.
Despite restrictions on internet activity in some jurisdictions, these decentralised forums and encrypted channels have remained active, processing vast sums through anonymised transactions. One now-defunct marketplace, identified in the report as Huione Guarantee, was estimated to have enabled more than US$27 billion in laundering and investment scam-related activity prior to its disruption in mid-2025.
The findings also point to the role of hosting and service providers offering infrastructure that supports such activities across Asia, including operations linked to markets in Thailand, Singapore, Malaysia, Indonesia, Cambodia, and the Philippines.
“eCrime actors are industrialising cybercrime across APJ through thriving underground markets and complex ransomware operations with AI-powered malware enabling high-velocity and high-volume attacks,” Adam Meyers, head of counter adversary operations at CrowdStrike, stated.
“Defenders must meet this new pace of attack with decisive action, powered by AI, informed by human experience, and unified in response.”
AI has become a key enabler in the ransomware economy, enhancing social engineering techniques, automating malware development, and enabling large-scale, targeted attacks. Between January 2024 and April 2025, more than 760 victims across the Asia Pacific and Japan were identified on data extortion and ransomware leak sites.
The most frequently affected economies were India, Australia, Japan, Taiwan, and Singapore, with manufacturing, technology, financial services, industrials, and professional services among the sectors most heavily targeted.
In the Philippines, the financial sector experienced a notable increase in activity from cyber adversaries. From January to May 2025, one threat group known as SOLAR SPIDER launched multiple phishing-based campaigns against banks and foreign exchange providers.
These operations often mimicked legitimate transaction alerts to distribute malicious software, including a new version of the Meduza Stealer and custom reconnaissance tools.
In Japan, account takeover campaigns have targeted securities platforms to manipulate the stock prices of smaller listed companies. Meanwhile, in Vietnam, criminal networks have shifted towards hijacking high-value business social media accounts to misappropriate advertising funds.
The report also notes the emergence of new ransomware operators using AI to expand their reach. Groups such as KillSec and Funklocker have been associated with more than 120 incidents across the Asia Pacific, reflecting the increasing industrialisation of cybercrime.
Remote access tools such as ChangemeRAT, ElseRAT, and WhiteFoxRAT are being distributed through phishing campaigns, manipulated search results, and fraudulent online advertisements, particularly affecting users across East and Southeast Asia.
CrowdStrike’s findings indicate that cybercrime across the region is evolving into a more automated, decentralised, and commercially motivated ecosystem, driven by the convergence of AI innovation, underground marketplaces, and professionalised eCrime service providers.
