The Asia Pacific and Japan (APJ) region faces a new era of cyber threats driven by “enterprising adversaries” — sophisticated threat actors operating with AI-enabled tactics, business-like discipline, and strategic precision, according to a new report released Monday by CrowdStrike Inc.
A Chinese-language underground ecosystem provides a safe haven for Chinese-speaking actors to buy and sell stolen credentials, phishing kits, malware, and money-laundering services, processing billions in illicit transactions, according to CrowdStrike’s 2025 APJ eCrime Landscape Report.
At the same time, the report says, AI is transforming the ransomware economy. From AI-enhanced social engineering to automated malware development, AI is accelerating every stage of the attack chain, and a new wave of adversaries is executing Big Game Hunting campaigns against high-value organizations across APJ.
“eCrime actors are industrializing cybercrime across APJ through thriving underground markets and complex ransomware operations. Simultaneously, AI-developed malware enables adversaries to launch high-velocity, high-volume attacks,” said Adam Meyers, head of counter adversary operations at CrowdStrike. “Defenders must meet this new pace of attack with decisive action, powered by AI, informed by human experience, and unified in response.”
The CrowdStrike report provides intelligence-driven insights into the APJ eCrime ecosystem, revealing the adversaries, underground markets, and tactics most threatening organizations today.
For instance, according to the 18-page report, enterprising adversaries in APJ scale operations with AI-enabled tactics, and their ransomware hits manufacturing, tech, and financial services across India, Australia, and Japan.
Underground Chinese-language marketplaces also fuel phishing, fraud, and credential theft, while Vietnam-based threat actors hijack social media business accounts with custom stealers, says the report. eCrime services enable attacks with bulletproof hosting, phishing kits, and SMS spam, and SOLAR SPIDER continues to target APJ financial institutions with phishing and malware.
All of this is happening despite the Chinese government’s internet restrictions and tightened eCrime crackdown, says CrowdStrike.
Specifically, Chinese underground markets — including Chang’an, FreeCity, and Huione Guarantee — preserve anonymity across clearnet, darknet, and Telegram channels. This decentralized ecosystem remains a hub for Chinese-speaking actors focused on operational security, with Huione Guarantee alone processing an estimated $27 billion USD before its 2025 disruption, CrowdStrike says.
Among several examples, AI-accelerated ransomware on high-value targets has surged, with India, Australia, and Japan among the most impacted countries, the report says, adding that emerging ransomware-as-a-service providers KillSec and Funklocker — leveraging AI-developed malware — accounted for more than 120 incidents.
The top targeted sectors included manufacturing, technology, and financial services, with 763 victims publicly named on dedicated leak sites, the report says.
“As adversaries leverage AI to accelerate attacks and exploit both technical and human vulnerabilities, organizations across APJ must adopt proactive threat hunting strategies and advanced technologies,” says CrowdStrike, which adds that the report provides intelligence and context to stay ahead of such constantly evolving threats in the APJ region.
