Singapore – The latest 2026 global threat report from CrowdStrike revealed a sharp acceleration in cyber threat activity across Asia Pacific, driven by the rapid adoption of artificial intelligence by both criminal and state-linked adversaries.
The report highlights an 89% year-on-year rise in AI-enabled attacks, with the average eCrime breakout time falling to 29 minutes, representing a 65% increase in speed compared with 2024. The fastest recorded breakout took just 27 seconds, while in one case data exfiltration began within four minutes of compromise.
The report describes the APAC region as a central focus of state-linked operations, particularly from China- and DPRK-aligned groups. China-nexus activity increased 38% globally, with multiple campaigns heavily targeting organisations in Australia, India, Indonesia, the Philippines and across Southeast Asia. Logistics saw an 85% rise in targeting, alongside notable increases in telecommunications and financial services.
Meanwhile, 40% of vulnerabilities exploited by China-linked actors involved internet-facing edge devices, such as VPNs and firewalls, while 67% of exploited flaws provided immediate remote code execution. The report notes that newly disclosed vulnerabilities were frequently weaponised within days, narrowing the window for patching and mitigation.
“Breakout time is the clearest signal of how intrusion has changed. Adversaries are moving from initial access to lateral movement in minutes,” Adam Meyers, head of counter adversary operations at CrowdStrike, commented.
“AI is compressing the time between intent and execution while turning enterprise AI systems into targets. Security teams must operate faster than the adversary to win.”
DPRK-linked activity also intensified, with incident volume rising by more than 130% in 2025. One operation attributed to PRESSURE CHOLLIMA resulted in the theft of cryptocurrency valued at approximately $1.46b, marking the largest publicly reported cryptocurrency heist to date. Several DPRK-aligned groups were also observed conducting supply chain attacks and targeting software developers to enable downstream compromise.
Across the region, cloud-conscious intrusions also rose 37%, including a 266% increase among state-nexus actors. Valid account abuse accounted for 35% of cloud incidents, underlining the growing importance of identity-based attacks. The majority of detections, 82%, were malware-free, reflecting a shift towards interactive intrusions in which attackers use legitimate credentials and trusted tools to blend into normal business activity.
The findings indicate that organisations in APAC face a threat environment defined by speed, automation and the exploitation of trusted systems.
As AI becomes embedded across enterprise operations, it is simultaneously expanding the attack surface and accelerating adversary tradecraft, compressing response times for defenders across the region.

