CrowdStrike’s new 2025 APJ eCrime Landscape Report unpacks a wave of AI-powered threats targeting organisations in the region, with Australia among the top five most targeted countries.
Cyber security firm CrowdStrike has released its latest report into the state of cyber crime in the Asia-Pacific region, outlining the impact of artificial intelligence across the cyber criminal ecosystem.
“E-crime actors are industrialising cyber crime across APJ through thriving underground markets and complex ransomware operations,” said Adam Meyers, head of counter adversary operations at CrowdStrike.
“Simultaneously, AI-developed malware enables adversaries to launch high-velocity, high-volume attacks.”
According to the report, Chinese underground markets on the clear and dark nets alike are a key driver of crime in the region. Despite government restrictions and a tough stance on e-crime, markets such as Chang’an, FreeCity, and Huione Guarantee are thriving, with the latter alone processing around US$27 billion before it was disrupted earlier this year.
These Chinese-language markets allow the buying and selling of compromised credentials, phishing kits and malware, and money laundering services, making them a one-stop shop for cyber criminals.
AI on the hunt
CrowdStrike’s report also revealed the growing acceleration of AI-powered threats, particularly when it comes to AI-developed ransomware.
Between 1 January 2024 and 30 April 2025, CrowdStrike tracked 763 APJ-based victims listed on darknet leak sites, with India, Australia, Japan, Taiwan, and Singapore the most targeted countries in the region. The most targeted sectors were manufacturing, technology, industrials and engineering, financial services, and professional services.
The ransomware threat actors most active in the region are KillSec, FunkLocker, Hunters International, and Qilin, with 63, 59, 35, and 34 victims, respectively.
“Ransomware as a service (RaaS) providers FunkLocker and KillSec named a disproportionate number of APJ-based victims on their DLSs, comprising 35 per cent and 32 per cent of their total victims, respectively,” CrowdStrike said.
“Of these victims, most were based in India (21 per cent for FunkLocker and 33 per cent for KillSec). CrowdStrike Intelligence cannot currently assess the threat actors’ targeting goals; however, FunkLocker claimed in an interview that they target entities based on a combination of revenue and weak defenses. The group’s leader, Scorpion, has historically also engaged in hacktivism.”
Account takeovers and RATs
While ransomware operators tended towards opportunistic attacks, many other e-criminals are more targeted in their operations.
Chinese-speaking hackers engaged in a coordinated account takeover campaign targeting Japanese trading accounts, using pump-and-dump tactics to inflate the value of Chinese stocks, while similar actors focused on deploying remote access tools such as ChangemeRAT, ElseRAT, and WhiteFoxRAT against Japanese- and Chinese-speaking victims.
Several service providers offer a range of criminal services to would-be hackers in the region. China-based bulletproof hosting provider CDNCLOUD, for instance, provides escrow services to the aforementioned Huione Group, while a threat actor known as Luck markets its Magical Cat phishing-as-a-service tool via several Telegram channels.
“CrowdStrike Intelligence documented 29 distinct Magical Cat phishing domains targeting organisations across APJ,” the company said.
“Domain registration patterns, campaign timelines, and targeting cycles analysis suggest these campaigns were conducted by multiple distinct threat actors leveraging the same phishing kit rather than as part of a single coordinated operation.”
Meyers said: “Defenders must meet this new pace of attack with decisive action, powered by AI, informed by human experience, and unified in response.”
You can read the full report here.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.