SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

AI-powered ransomware & cybercrime booming across APJ region

Tue, 21st Oct 2025

The 2025 APJ eCrime Landscape Report from CrowdStrike highlights a surge in AI-driven ransomware attacks and ongoing activity within decentralised Chinese-language cybercrime marketplaces across the Asia Pacific and Japan region.

The report is based on threat intelligence and analysis from CrowdStrike's specialists, tracking more than 265 known adversary groups. It paints a detailed picture of how advancements in artificial intelligence and changes in cybercriminal infrastructure are shaping the threat landscape in APJ.

AI and ransomware

Findings from the report indicate that AI-accelerated ransomware is a significant and growing risk, particularly targeting high-value organisations in India, Australia, and Japan. AI-enhanced social engineering techniques and the development of new automated malware have led to attacks that are both faster and more numerous. "AI-developed malware enables adversaries to launch high-velocity, high-volume attacks," said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike.

The report notes that Ransomware-as-a-Service providers such as KillSec and Funklocker, who rely on AI-developed malware, were responsible for over 120 ransomware incidents affecting industries including manufacturing, technology, and financial services. In total, 763 victims were listed on public leak sites, highlighting the widespread impact across different sectors.

Chinese cybercrime marketplaces

Despite increased restrictions by authorities within China to curb cybercrime, the report finds that Chinese-speaking threat actors continue to operate anonymously using decentralised marketplaces. Examples identified include Chang'an, FreeCity, and Huione Guarantee, with transactions facilitated across platforms such as the clearnet, darknet, and Telegram. The Huione Guarantee marketplace alone processed an estimated USD $27 billion in illicit transactions before its disruption in 2025.

The decentralised nature of these forums allows cybercriminals to purchase and sell stolen credentials, phishing kits, malware, and services related to money laundering. Operational security, or OPSEC, has remained a central focus for actors utilising these channels, further complicating tracking and prosecution.

Financial manipulation campaigns

According to the report, another major trend involved coordinated account takeover campaigns targeting Japanese securities trading accounts. These attacks, attributed to Chinese-speaking threat actors, enabled the artificial inflation of thinly traded China-based stocks, a practice known as a pump-and-dump scheme. The infrastructure used for phishing was shared and ultimately led to victim details being sold on various forums, including the Chang'an Marketplace.

Expansion of supporting cybercrime services

The industrialisation of cybercrime has accelerated across the region, as reflected in the rise of eCrime service providers. The report singles out entities like CDNCLOUD, providing bulletproof hosting; Magical Cat, offering Phishing-as-a-Service; and Graves International SMS, which operates a global spamming service. These providers enable broader distribution of phishing attacks and malware, and facilitate the monetisation of stolen data.

Additionally, remote access tools such as ChangemeRAT, ElseRAT, and WhiteFoxRAT continue to be used to target both Chinese- and Japanese-speaking users. Attackers commonly employ SEO poisoning, deceptive advertising, and phishing disguised as legitimate purchase orders to compromise systems.

Response from CrowdStrike

"eCrime actors are industrializing cybercrime across APJ through thriving underground markets and complex ransomware operations. Simultaneously, AI-developed malware enables adversaries to launch high-velocity, high-volume attacks," said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. "Defenders must meet this new pace of attack with decisive action, powered by AI, informed by human experience, and unified in response."

The report concludes that the combination of rapidly evolving AI, decentralised marketplaces, and a maturing cybercrime service economy presents ongoing challenges for organisations in the region.
