CrowdStrike’s 2025 APJ eCrime Landscape Report Reveals Surge in Cybercrime

CrowdStrike’s 2025 APJ eCrime Landscape Report highlights a significant increase in structured, business-oriented cybercriminals across Asia-Pacific and Japan (APJ). These enterprising adversaries leverage AI, scalable infrastructure, and disciplined strategies to conduct attacks with the same accuracy as legitimate businesses.

Overview of Cybercrime in the APJ Region

The cybersecurity firm reported that between January 2024 and April 2025, there were 763 victims in the APJ region identified on ransomware and data extortion leak sites. The countries most impacted were India, Australia, Japan, Taiwan, and Singapore, with manufacturing, technology, and financial services being the primary sectors targeted.

Major Ransomware Operators Identified

CrowdStrike pinpointed several significant ransomware groups, such as OCULAR SPIDER, BITWISE SPIDER, and PUNK SPIDER, as the most active in the area. Notably, many of these operations tend to avoid targeting China despite its vast market, indicating possible internal limitations among these cybercriminal networks.

Emerging Ransomware-as-a-Service Groups

New ransomware-as-a-service (RaaS) entities, such as FunkLocker and KillSec, reported a disproportionately high number of victims based in APJ, with India suffering the most severe impacts. The leader of FunkLocker, known as Scorpion, previously acknowledged that they select targets based on revenue and insufficient security measures.

Chinese-Language eCrime Markets

The report also underscores the resilience of underground Chinese-language eCrime markets, which continue to flourish despite government efforts to dismantle them. Marketplaces like Chang’an and FreeCity have become central hubs for stolen data, carding, and hacking tools, while platforms on Telegram, such as Huione Guarantee, have been associated with large-scale money laundering and cryptocurrency fraud before being shut down earlier this year.

Cybercrime Hotspot in Vietnam

Vietnam has emerged as another centre for cybercrime, especially concerning attacks on social media business accounts with significant advertising budgets. Local malware variants such as Ailurophile Stealer and FatStealer have compromised thousands of accounts across the globe.

Threat Groups Targeting Financial Institutions

Additionally, cyber threat groups like SOLAR SPIDER have directed their efforts towards financial institutions in South Asia and Southeast Asia by using fake payment transaction emails to distribute malware such as JsOutProx RAT.

Recommendations for APJ Organisations

CrowdStrike’s report advises that organisations within APJ implement “agentic AI” to counteract adversaries that utilise artificial intelligence, secure their digital identities, and improve cross-domain visibility through modern extended detection and response (XDR) systems. The report emphasises the importance of proactive threat hunting and adopting cloud-native protection strategies.

CrowdStrike concluded that ransomware and data extortion will remain the predominant eCrime threats for major economies like India, Japan, and Australia, even as cybercriminals continue to evolve through underground ecosystems and AI-driven tactics.