CrowdStrike warns of ‘enterprising adversaries’ as eCrime surges across Asia-Pacific

CrowdStrike's latest report, the 2025 APJ eCrime Landscape, reveals a troubling increase in sophisticated cybercriminal activities throughout the Asia-Pacific and Japan (APJ) regions. These so-called 'enterprising adversaries' are leveraging artificial intelligence, scalable infrastructure, and systematic approaches to carry out attacks that mirror the operations of legitimate businesses. From January 2024 to April 2025, the report identified 763 victims in the APJ area listed on ransomware and data extortion leak websites. Among the nations most impacted were India, Australia, Japan, Taiwan, and Singapore, with the manufacturing, technology, and financial services sectors facing the most significant threats. CrowdStrike highlighted several prominent ransomware groups, including OCULAR SPIDER, BITWISE SPIDER, and PUNK SPIDER, as particularly active in this region. Notably, many of these organizations appear to steer clear of targeting China, hinting at possible internal regulations within the cybercriminal community. The report also noted a rise in ransomware-as-a-service (RaaS) operations, with groups like FunkLocker and KillSec disproportionately affecting victims in the APJ region, particularly in India. FunkLocker’s leader, known as Scorpion, has openly discussed selecting targets based on their financial stature and vulnerabilities in security measures. Additionally, the underground Chinese-language eCrime markets continue to flourish despite government efforts to clamp down. Well-known marketplaces such as Chang’an and FreeCity have become hotspots for stolen data and hacking tools, while platforms like Huione Guarantee on Telegram have been implicated in extensive money laundering and cryptocurrency fraud before their recent closures. Vietnam has also emerged as a significant player in cybercrime, particularly in targeting social media business accounts with substantial advertising budgets. Malware like Ailurophile Stealer and FatStealer has been responsible for compromising thousands of accounts worldwide. Furthermore, threat groups such as SOLAR SPIDER are focusing on financial institutions in South Asia and Southeast Asia, employing fake payment transaction emails to distribute malware like JsOutProx RAT. To combat these evolving threats, CrowdStrike recommends that organizations in the APJ region adopt 'agentic AI' technologies, ensure secure digital identities, and enhance cross-domain visibility through modern extended detection and response (XDR) systems. The report emphasizes the importance of proactive threat hunting and cloud-native protection measures, concluding that ransomware and data extortion will remain significant threats to major economies like India, Japan, and Australia, as cybercriminals continue to innovate using underground networks and AI-driven tactics.