A new CrowdStrike report reveals a troubling evolution in cybercrime across Asia-Pacific and Japan (APJ), where threat actors now operate with corporate-level efficiency and strategic precision. These “enterprising adversaries” execute attacks with scalable infrastructure and business-like discipline, focusing on maximizing impact.
Ransomware Strikes Selectively
From January 2024 to April 2025, 763 APJ organizations were named on ransomware leak sites, with India, Australia, Japan, Taiwan, and Singapore hit hardest. Despite the region representing over half the world’s population, APJ victims constituted only 9% of global ransomware cases.
Manufacturing, technology, and financial services bore the brunt of attacks. Interestingly, major ransomware groups largely avoided targeting China, with some explicitly prohibiting attacks on Chinese entities — an unusual restriction likely aimed at avoiding legal consequences.
Underground Markets Fuel Criminal Activity
Chinese-language criminal marketplaces like Chang’an and FreeCity continue thriving despite government crackdowns. These platforms host numerous criminal services while emphasizing anonymity to avoid law enforcement attention.
The most significant player was Huione Guarantee, a Cambodia-based platform that facilitated an estimated $27 billion in transactions, primarily supporting money laundering and “pig butchering” scams — elaborate frauds where victims are manipulated into cryptocurrency investments. U.S. authorities designated Huione a money laundering concern in May 2025, leading to its shutdown.
Targeted Attacks on Local Users
Chinese and Japanese speakers face specific threats from malware like ChangemeRAT, ElseRAT, and WhiteFoxRAT. These tools are distributed through fake software downloads and often include checks designed to target Chinese-language systems specifically.
Financial entities in Bangladesh, India, Japan, Malaysia, and other regional countries have been consistently targeted by the SOLAR SPIDER group, which uses transaction-themed phishing emails to deliver malware.
Vietnam’s Social Media Focus
Vietnamese cybercriminals have specialized in compromising social media business accounts with significant advertising budgets. In 2024, authorities prosecuted over 20 individuals whose malware campaigns compromised more than 20,000 social media accounts.
What This Means
The report underscores how cybercriminals are professionalizing their operations while exploiting regional vulnerabilities. Organizations must adopt advanced AI-powered security, implement phishing-resistant authentication, and maintain comprehensive visibility across their digital environments. As attackers become more sophisticated and business-like in their approach, defenders need equally advanced strategies to stay ahead.
