Cybersecurity firm CrowdStrike has raised the alarm over the growing sophistication of financially motivated cyberattacks in the Asia-Pacific and Japan (APJ) region, warning that rapid digitalization continues to attract eCrime groups targeting high-value industries.
The findings were released Tuesday, Oct. 21, in the 2025 APJ eCrime Landscape Report — the company’s first study dedicated solely to financial cybercrime in the region.
The report draws on CrowdStrike Intelligence data collected from January 2024 to April 2025, shedding light on ransomware operations, emerging attack techniques, and underground criminal economies fueling these threats.
Ransomware Dominates APJ’s Cyber Landscape
CrowdStrike identified 763 APJ-based victims listed on ransomware and data extortion leak sites during the review period.
The countries most affected were India, Australia, Japan, Taiwan, and Singapore, with manufacturing, technology, financial services, industrial engineering, and professional services emerging as top targets.
The report also highlighted the growing influence of Ransomware-as-a-Service (RaaS) operators — cybercriminals who sell or lease their ransomware code to other attackers.
Two major RaaS providers, FunkLocker and KillSec, were found to have an outsized focus on APJ targets, with 35% and 32% of their total victims, respectively, located in the region.
CrowdStrike noted that FunkLocker attributed its victim selection to high revenue potential and weaker defenses among targets.
The company also discovered that FunkLocker had built its ransomware using Generative AI (GenAI), an approach that, while innovative, introduced vulnerabilities that allowed CrowdStrike to recover stolen files without paying ransom.
“Threat actors that are very sophisticated benefit from the use of GenAI, but less skilled ones often use it to their detriment,” said Adam Meyers, CrowdStrike’s senior vice president of counter adversary operations.
Emerging Threat Actors and Underground Networks
Beyond ransomware, CrowdStrike uncovered a range of eCrime operations across the region.
A South Asia–based actor known as Solar Spider was observed launching phishing campaigns disguised as financial correspondence to deliver malware to banks and foreign exchange companies in South Asia, Southeast Asia, and the Middle East — including several attacks against Philippine organizations.
Vietnam- and China-based groups were also reported to be using formjacking techniques to steal payment card information, while another Vietnamese cybercrime ecosystem was found to compromise high-value social media business accounts to siphon advertising budgets.
The report also mapped out the Chinese-language underground economy, where cybercriminal marketplaces offer illicit services to thousands of members.
Platforms such as CDNCLOUD, a “bulletproof hosting” provider, and Chang’an (Sleepless City), a Telegram-based hub with over 7,000 members, were found to be selling stolen data, credit card credentials, and hacking tools to users across the region — including the Philippines.
Defensive Strategies for APJ Organizations
To combat these growing threats, CrowdStrike urged organizations to strengthen identity security, conduct regular cloud infrastructure audits, and ensure full visibility across endpoints, networks, and identity systems.
With the rise of AI-assisted attacks, the company also recommended adopting agentic AI systems — autonomous, reasoning-driven AI tools that enhance detection and response speeds.
Finally, the report emphasized the need for intelligence-driven defense, encouraging enterprises to study their adversaries’ tactics to better prioritize patching and monitoring efforts.
“Forewarned is forearmed,” the report noted, calling on APJ organizations to act decisively as cybercriminals evolve their methods with speed and precision.


