Table of Contents

Executive Summary
eCrime Overview
Big Game Hunting
Vietnam-Based Threats
Conclusion
Recommendations
About CrowdStrike

Executive Summary

A new era of cyber threats has emerged in the Asia Pacific and Japan (APJ) region, one marked by the rise of the enterprising adversary — a term introduced in the CrowdStrike 2025 Global Threat Report. This modern class of threat actor operates with business-like discipline, executing attacks with strategic precision, scalable infrastructure, and a clear focus on maximizing impact. Their methods reflect a calculated approach that mirrors corporate efficiency, enabling them to reach their objectives faster and with greater consequence.

In this environment, innovation is essential to stay ahead. Organizations across APJ must adopt advanced technologies and proactive threat hunting strategies to outpace adversaries that are constantly evolving their tactics. These threat actors exploit both technical and human vulnerabilities. They leverage social engineering tactics, often amplified by AI, and target unmanaged devices that fall outside traditional IT oversight. These blind spots offer attackers undetected entry points for data theft, lateral movement, or broader system compromise.

The CrowdStrike Counter Adversary Operations team has brought together industry-leading threat intelligence and best-in-class managed threat hunting with the AI-powered CrowdStrike Falcon® platform to detect, disrupt, and stop enterprising adversaries. Counter Adversary Operations comprises two closely integrated teams. The CrowdStrike Intelligence team provides actionable reporting that identifies new adversaries, monitors their activities, and captures emerging cyber threat developments in real time. The CrowdStrike OverWatch team uses this intelligence to conduct proactive threat hunting across customer telemetry to detect and address malicious activity.
Together, these teams protect thousands of customers from the most sophisticated adversaries by providing the intelligence and threat hunting skills and resources that most organizations lack.

A diverse mix of regional and global eCrime threat actors is operating across the evolving APJ eCrime landscape. In addition to major ransomware groups that impact organizations globally, lesser-known threat actors are actively targeting the APJ region, especially through underground Chinese-language channels that support phishing, credential theft, and monetization campaigns. In Southeast Asia, financially motivated threat actors are zeroing in on high-value social media business accounts, reflecting a shift toward tailored, opportunistic targeting. These financially motivated cybercriminals are referred to as SPIDERs in CrowdStrike’s adversary naming convention.

This report offers an in-depth view of the APJ eCrime threat landscape based on CrowdStrike Intelligence reporting from January 2024 to April 2025. It explores regional adversaries, underground economies, and malware trends across Central Asia, East Asia, Southeast Asia, South Asia, and Oceania to provide the context and clarity needed to defend against today’s most enterprising adversaries.

eCrime Overview

Big Game Hunting

From January 1, 2024, to April 30, 2025, CrowdStrike Intelligence documented 763 APJ-based victims named on data extortion and ransomware dedicated leak sites (DLSs).[1] The five countries most represented on DLSs in this time frame are India, Australia, Japan, Taiwan, and Singapore (Figure 1). Although the APJ region represents more than half of the global population, victims based in this region constituted only 9% of 8,418 organizations named on DLSs globally.

Ransomware actors most frequently targeted the manufacturing, technology, industrials and engineering, financial services, and professional services sectors (Figure 1).
Based on the DLS data, OCULAR SPIDER, BITWISE SPIDER, BRAIN SPIDER, TRAVELING SPIDER, and PUNK SPIDER issued the most ransomware threats to the APJ region from January 2024 to April 2025 (Figure 2). These adversaries’ regional victim proportions are similar to the overall APJ-based big game hunting (BGH) victim proportions, indicating the adversaries likely targeted relevant APJ-based entities opportunistically rather than with overall strategic intent.

These adversaries (except BITWISE SPIDER) did not list Chinese entities on their DLSs, even though China is both the world’s second largest economy and second most populous country. OCULAR SPIDER — otherwise the most prolific adversary — explicitly prohibited affiliates from targeting China, the Commonwealth of Independent States (CIS), Cuba, and the Democratic People’s Republic of Korea (DPRK). BGH adversaries prohibiting certain target areas is not uncommon, but such prohibitions are typically confined to CIS nations.

Ransomware as a service (RaaS) providers FunkLocker (developed through AI) and KillSec named a disproportionate number of APJ-based victims on their DLSs, comprising 35% and 32% of their total victim